Why has the "Origin" HTTP header not been universally adopted?

Asked Oct 27 '15 at 16:05

Active Oct 27 '15 at 16:05

Viewed 44 times

After running tests on a few browsers on browserscope.org, I noted that neither Firefox or IE have adopted the "Origin" HTTP header.

This header is a useful and valid way of helping prevent CSRF attacks, in my opinion.

Why has it not been universally adopted?

edited Oct 07 '21 at 07:24

Community

asked Oct 27 '15 at 16:05

Cybergibbons

Hmm - I agree, probably so similar that it is not worth having this as an independent question. Are there other examples where adoption has been halted because it needs universal adoption to be useful? – Cybergibbons Oct 27 '15 at 16:23

0 Answers0