Are there any browsers that set the origin header to “null” for privacy-sensitive contexts?

Question

The Origin spec indicates that the Origin header may be set to \"null\". This is typically done when the request is coming from a file on a user\'s computer rat

Answer 1

There are a few other cases related to iframe which can cause a null origin: https://webdbg.com/test/sandbox/frames.htm