Maybe someone in this
understood before me?
The goal is at the server level to distinguish clicks on a href, made by living people, from ajax and other tricky queries made by bots, spiders, or custom scripts in browsers.
Is it possible in General to assume that the presence of the Origin header is sufficient reason to believe the request is not exactly meets the criterion of "normal click on a normal link"?
The task is to monitor and prevent click-fraud banners.