Javascript Question
Can Fake of data in the header Origin (websocket)?
Can you falsify the header data in Origin?
GET /ttt HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Origin: http://webru.ru
Sec-WebSocket-Key: 32f2f2f2342r23
Sec-WebSocket-Version: 13
Answer
No. The contents of the Origin header are always set by the browser, and cannot be overridden.
Source (Stackoverflow)