How secure is HTTP_ORIGIN?
HTTP_ORIGIN is a way to protect against CSRF (Cross Site Request Forgery) requests. Currently it is implemented only by Chrome (as of Nov 2011). I tested Firefox and Opera, but they failed. Its name in the request header is Origin. On the server in my PHP script I see it as HTTP_ORIGIN in the $_SERVER … Read more