Critbook reflects any Origin header in its CORS response. Exploit the misconfiguration to make cross-origin requests that leak authenticated data.
