diff --git a/jupyter_server/base/handlers.py b/jupyter_server/base/handlers.py
index 3909c7063..dd67e8ef3 100644
--- a/jupyter_server/base/handlers.py
+++ b/jupyter_server/base/handlers.py
@@ -535,7 +535,7 @@ def check_xsrf_cookie(self) -> None:
             # Servers without authentication are vulnerable to XSRF
             return None
         try:
-            if not self.check_origin():
+            if not self.check_referer():
                 raise web.HTTPError(404)
             return super().check_xsrf_cookie()
         except web.HTTPError as e: