Can you falsify the header data in Origin?
GET /ttt HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Origin: http://webru.ru
Sec-WebSocket-Key: 32f2f2f2342r23
Sec-WebSocket-Version: 13
No. The contents of the Origin
header are always set by the browser, and cannot be overridden.