Excellent! Direct and to the point, much appreciated =)
Since you seem to know what I’m talking about here I would be curious as to the technical reason why the origin isn’t necessary and is “unnecessarily misleading for the server”. I don’t know enough about the requirements of these headers yet so I’m super curious 
For anyone coming around later and needing to know what the “Sec-WebSocket-Key” header is:
it’s a 16 byte base64 nonce which is just a base64 random string. Base64’s are specifically an encoded string composed of(a-z, A-Z, 0-9, +, /) and that has a length that’s a multiple of 3 with any additional space needed being padded with a “=”(so this one will always end with a ‘=’). Here’s a useful function to generate a nonce for it:
function generatePaddedBase64String(length) {
let base64string = '';
let base64accepted = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for (let i = 0;i < length;i++) {
base64string += base64accepted.charAt(Math.floor(Math.random() * base64accepted.length));
}
let paddingLength = base64string.length % 3;
for(let i = 0;i < paddingLength;i++) {
base64string += '=';
}
return base64string;
}
Probably an argument their for performance but that ain’t why I’m here currently! lol
Appreciate the help @3ventic! 