CSRF protection by verifying the origin header and referrer header
Added at: 2016-12-18 07:12
I saw some documentation about protecting against CSRF attacks. It says that, to protect against CSRF, if the origin header is present, verify that its value matches the target origin. If the origin header is not present, verify the referrer header. If neither of them is present, it suggests rejecting the request.
However, I don't know what the origin header and the referrer header are, or what the difference between them is. Also, how are they related to CSRF protection?
Here is the link to the documentation: https://www.owasp.org/index.php/CrossSite_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Thanks for your kind attention.
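
The check described in the question above, sketched as a server-side function (an added example, not part of the original post or of the linked documentation). The function names, the lower-cased header dictionary and the `https://app.example` origin are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_tuple(url):
    """Return (scheme, host, port) for a URL, or None if it is not an http(s) origin."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers the literal "null" origin and non-HTTP schemes
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port


def source_matches_target(headers, target_origin):
    """Origin first, then Referer; reject when neither header is present.

    headers: dict keyed by lower-cased header name (assumption of this sketch).
    target_origin: the site's own origin, e.g. "https://app.example".
    """
    expected = origin_tuple(target_origin)
    if expected is None:
        raise ValueError("target_origin must be an http(s) origin")
    for name in ("origin", "referer"):  # HTTP spells the header "Referer"
        value = headers.get(name)
        if value:
            # Compare parsed scheme/host/port, never string prefixes:
            # "https://app.example.evil.test" starts with the target string.
            return origin_tuple(value) == expected
    return False  # both headers missing: reject the request


if __name__ == "__main__":
    target = "https://app.example"  # constructed sample origin
    samples = [  # constructed sample requests
        {"origin": "https://app.example"},
        {"referer": "https://app.example/account?tab=1"},
        {"origin": "https://app.example.evil.test"},
        {},
    ]
    for h in samples:
        print(h, "->", "accept" if source_matches_target(h, target) else "reject")
```

The Origin header carries only scheme, host and port, while Referer carries a full URL, which is why both are reduced to the same tuple before comparison.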