Removed the default 'http://evil.com' Origin override in the request.

[ENuge]

Re #45 .

At my work, we use the Origin header to try and guess whether a full request/response is occurring over https or not. More generally, I think it's common to log non-sensitive headers for threat monitoring/analytics etc. For anyone not familiar with this extension, a large number of incoming requests from 'evil.com' can be very alarming!

That said, I left the ability as a comment with how to enable - if people want to change the request origin, they should feel free to. But I don't think that should be happening for devs unknowingly. :)

@vitvad , there hasn't been much activity in this repo lately but I'd love if you could merge this in and get an update into the extension store (my understanding is existing users should get autoupdated?). Let me know if there's anything you'd need from me to make that easier. 🍻