Reply to thread

I think nowadays you could simply check the "Sec-Fetch-Site" header or the "Origin" header that browsers automatically send for POST requests.


Back
Top Bottom