The Origin header is considered helpful against JSON data theft and CSRF attacks. The information provided by Origin--a bit of contextual request-creation information--should provide hints to web servers about trustworthiness of requests in all three of these situations. Browser sends referrer header to server to indicate what the URL of the page that made the request is. Full URL is not great for privacy and many organizations filter referrer headers. Origin header just includes the origin of the page. Mostly just for POST requests. Largely designed to deal with CSRF. Support for origin header not done in all ... Aug 02, 2013 · Cross Site Request Forgery in JS Web Apps. Ensuring that attackers don’t forge requests in your web applications can be a tricky businesses, one that often requires a hand-rolled solution. As soon as you have a session, you need to start thinking about cross site request forgery (CSRF). Shared components used by Firefox and other Mozilla software, including handling of Web content; Gecko, HTML, CSS, layout, DOM, scripts, images, networking, etc. Issues with web page layout probably go here, while Firefox user interface issues belong in the Firefox product.