[alexchamberlain]

Headers are too easily spoofed to carry security information without a signature.

[mooism2]

It's like security through obscurity: on its own it's inadequate, but as an extra layer it can be helpful.

[alexchamberlain]

How is this helpful? We have proved it's inconsistent... Do you check IP addresses for security too?

[mooism2]

I can imagine a bank fraud detection system being more suspicious of unusually large transactions if they originate from an unusual phone number or ip address, yes.