Implement cookie and origin sanitation

lib/interceptor.js

@@ -85,8 +85,10 @@ var Interceptor = new Class({
             return;
         }
 
-        // Remove referer header from request.
+        // Remove sensitive headers from the request.
         httpChannel.setRequestHeader('Referer', null, false);
+        httpChannel.setRequestHeader('Origin', null, false);
+        httpChannel.setRequestHeader('Cookie', null, false);
 
         // Convert the original request URI to a local target.
         target = requestAnalyzer.getLocalTarget(httpChannel.URI.host, httpChannel.URI.path);

lib/request-analyzer.js

@@ -78,8 +78,11 @@ exports.isValidCandidate = function (httpChannel) {
     // If the request initiator could be determined and is whitelisted.
     if (initiatorDomain && whitelistedDomains[_normalizeDomain(initiatorDomain)]) {
 
-        // Remove referer header from request.
+        // Remove sensitive headers from the request.
         httpChannel.setRequestHeader('Referer', null, false);
+        httpChannel.setRequestHeader('Origin', null, false);
+        httpChannel.setRequestHeader('Cookie', null, false);
+
         return false;
     }