How to get the origin from the incoming request

I’m trying to access origin from

const origin = request.headers.get("origin");

but I’m getting null as the response. In Node.js I used to get this origin by

const http = require('http');

const server = http.createServer((req, res) => {
  const origin = req.headers.origin;

As mentioned on MDN (see: Origin - HTTP | MDN)

The Origin header is similar to the Referer header, but does not disclose the path, and may be null.

What is the need for the header? Are you checking the request has come from a specific origin in order to allow or block?

yes, I wanna block some origin based on it.

Depending on how this worker is accessed using the Access-Control-Allow-Origin header is a good option for enforcing CORS.

But checking Origin or Referrer headers may not return a value depending on the Referrer-Policy header value.

So you might want to block anything that is null and anything not matching the desired origin.

I’ve been using Access-Control-Allow-Origin, but the major limitation is that it is effective only in the browser environment.

Relying on Origin isn’t great either. Using curl it is possible to set the origin to whatever value is desired.