I don’t understand how knowing the origin ip can help you exploit that reflected xss. A better example would have been a server side vulnerability.

And to mitigate this it’s not enough to just whitelist ip addressess, you can bypass this easily in case of Cloudflare at least. https://t.co/FKIQRBn1Nv