by mxey 178 days ago
Without those headers, you can as a fallback compare the Origin header to the Host header.
See https://words.filippo.io/csrf/
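
The fallback described in the comment above, as an added example that is not part of the original comment or the linked article: a server-side check that compares `Origin` to `Host` on state-changing requests. The function names, the list of safe methods and the `allow_missing_origin` policy switch are assumptions of this example, and the sample requests are constructed.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # not state-changing, so not checked


def origin_matches_host(origin, host):
    """True when the Origin header names the same host[:port] as Host."""
    if not origin or not host or origin == "null":
        return False  # opaque ("null") or absent origins never match
    try:
        parts = urlsplit(origin)
    except ValueError:
        return False  # malformed value, e.g. an unbalanced IPv6 bracket
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    # A serialized origin is scheme://host[:port] and nothing else.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return False
    # Host carries no scheme, so http vs https cannot be told apart here.
    return parts.netloc.lower() == host.strip().lower()


def allow_request(method, headers, allow_missing_origin=False):
    """Decide whether a request passes the Origin/Host fallback check."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if method.upper() in SAFE_METHODS:
        return True
    if "origin" not in h:
        # Policy choice of this example: strict unless the caller opts in.
        return allow_missing_origin
    return origin_matches_host(h["origin"], h.get("host", ""))


# Constructed sample requests: (method, headers, expected decision)
SAMPLES = [
    ("POST", {"Host": "app.example", "Origin": "https://app.example"}, True),
    ("POST", {"Host": "app.example", "Origin": "https://other.example"}, False),
    ("POST", {"Host": "app.example", "Origin": "null"}, False),
    ("POST", {"Host": "app.example:8443", "Origin": "https://APP.example:8443"}, True),
    ("POST", {"Host": "app.example"}, False),
    ("GET", {"Host": "app.example", "Origin": "https://other.example"}, True),
]

if __name__ == "__main__":
    for method, headers, expected in SAMPLES:
        print(method, headers, "->", allow_request(method, headers), "expected", expected)
```

Because `Host` has no scheme, this comparison accepts an `http://` origin for an `https://` site on the same host; deployments that care need to check the scheme separately.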