diff --git a/frida_tools/tracer.py b/frida_tools/tracer.py
index 3fe8044..0be3682 100644
--- a/frida_tools/tracer.py
+++ b/frida_tools/tracer.py
@@ -341,6 +341,17 @@ def _handle_asset_request(
 self, connection: websockets.asyncio.server.ServerConnection, request: websockets.asyncio.server.Request
 ):
 if request.headers.get("Connection") == "Upgrade":
+ origin = request.headers.get("Origin")
+ if origin != f"http://localhost:{self._ui_port}":
+ self._print(
+ Fore.RED
+ + Style.BRIGHT
+ + "Warning"
+ + Style.RESET_ALL
+ + f": Cross-origin request from {origin} denied"
+ )
+ return connection.respond(http.HTTPStatus.FORBIDDEN, "Cross-origin request denied\n")
+
 return

 raw_path = request.path.split("?", maxsplit=1)[0]
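Review bot: `origin` is taken straight from the client's `Origin` header and interpolated unescaped into the terminal warning at `f": Cross-origin request from {origin} denied"`; formatting it as `{origin!r}` would print any unexpected characters escaped and make a missing header (`None`) unambiguous. The comparison accepts only the literal `http://localhost:{self._ui_port}`, so a UI opened through `http://127.0.0.1:<port>` or a client that sends no `Origin` is refused as well; if that is intended, a comment such as `# Only the UI served from localhost may open the WebSocket (blocks cross-site WebSocket hijacking)` would record it. The check runs only when `Connection` equals exactly `"Upgrade"`, and whether a handshake with a differently spelled `Connection` value can complete without passing it depends on code after the end of this hunk, so that is worth confirming. `_handle_asset_request` starts before and continues past the hunk.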