Are you talking about the HTTP referer? That's easily spoofable and can't be relied on server-side. The same-origin policy and all the CORS security is implemented in the browser itself, not in HTTP.
If you need to be certain that a request originated from your own page and not another domain you need to use a CSRF token.
Also, it's easily bypassed.