I have a REST API created with Express. One of my API's endpoints is available to all unauthorized users. My goal is to allow unauthorized users to use this endpoint only if they make a request to it from my site, which is hosted on a different domain.
At the moment, I have already implemented protection using the Origin header. I understand that it can be easily spoofed, so I'm looking for other layers of protection.