javascript - Getting Browser URL in Node.js -

i looking browser url user has included external js file in website. include js file, makes ajax call using jquery node server. know pass url server getting javascript , sending ajax call, assume security risk since it's easy fake url. have same security issue looking @ header. know how url sercurely server? i'm using node.js , express server.

if trust person controlling client can use referer header, note suppressed browser protect user's privacy.

if control server hosting html can have server generate psuedo-random token, send server hosting js url html, embed token in query string <script> element embeds in html before delivering html client.

otherwise, there no entity trust tell truth url , stuck.