From a security perspective, it is important to validate the "Origin" header on the server side during the connection establishment process, against the expected origins, to avoid Cross-Site WebSocket Hijacking attacks, which might be possible when the connection is authenticated with cookies or HTTP authentication.
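One way to implement this check in Node.js, as an added example that is not part of the original page: the handshake's Origin header is parsed and compared by exact match against an allowlist before the upgrade is accepted. The function names, the allowlisted origins and the choice to reject a missing Origin are assumptions made for illustration.

```javascript
// Added example. ALLOWED_ORIGINS and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Reduce an Origin header value to scheme://host[:port].
// Returns null when the value is absent, the opaque origin "null",
// unparsable, or carries anything beyond a bare origin.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.pathname !== '/' || url.search || url.hash) return null;
  if (url.username || url.password) return null;
  return url.origin; // host lowercased, default port dropped
}

// Exact-match comparison. Substring, prefix or suffix matching would accept
// lookalike hosts such as app.example.com.attacker.test.
function isAllowedOrigin(headers, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(headers.origin);
  // Rejecting a missing Origin is a policy choice made here: browsers send it
  // on every WebSocket handshake, non-browser clients usually do not.
  return origin !== null && allowed.has(origin);
}

// Meant to run first in an http.Server 'upgrade' listener, before cookies or
// HTTP authentication are honoured and before a WebSocket library takes over:
//   server.on('upgrade', (req, socket, head) => {
//     if (!checkUpgrade(req, socket)) return;
//     /* hand req, socket, head to the WebSocket library */
//   });
function checkUpgrade(req, socket) {
  if (isAllowedOrigin(req.headers)) return true;
  socket.end('HTTP/1.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 0\r\n\r\n');
  return false;
}
```
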