diff --git a/go.mod b/go.mod
index 03e2e58..58095a2 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/xtaci/kcp-go/v5 v5.6.1
 	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
 	golang.org/x/net v0.0.0-20201031054903-ff519b6c9102 // indirect
-	golang.org/x/sys v0.0.0-20201106081118-db71ae66460a // indirect
+	golang.org/x/sys v0.0.0-20201107080550-4d91cf3a1aaf // indirect
 	golang.org/x/tools v0.0.0-20201105220310-78b158585360 // indirect
 	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
 )
diff --git a/go.sum b/go.sum
index ab6abce..d96a287 100644
--- a/go.sum
+++ b/go.sum
@@ -119,8 +119,8 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200808120158-1030fc2bf1d9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201106081118-db71ae66460a h1:ALUFBKlIyeY7y5ZgPJmblk/vKz+zBQSnNiPkt41sgeg=
-golang.org/x/sys v0.0.0-20201106081118-db71ae66460a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201107080550-4d91cf3a1aaf h1:kt3wY1Lu5MJAnKTfoMR52Cu4gwvna4VTzNOiT8tY73s=
+golang.org/x/sys v0.0.0-20201107080550-4d91cf3a1aaf/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/proxy/ssr/internal/obfs/tls12_ticket_auth.go b/proxy/ssr/internal/obfs/tls12_ticket_auth.go
index 1eec6ad..2874c89 100644
--- a/proxy/ssr/internal/obfs/tls12_ticket_auth.go
+++ b/proxy/ssr/internal/obfs/tls12_ticket_auth.go
@@ -216,7 +216,7 @@ func (t *tls12TicketAuth) Encode(data []byte) (encodedData []byte, err error) {
 		encodedData[pdata-1] = 0x1
 		encodedData[pdata-2] = 0x3 // tls version
 		pdata -= 2
-		l += 2
+		// l += 2
 		encodedData[pdata-1] = 0x16 // tls handshake
 		// pdata -= 1
 		// l += 1
diff --git a/proxy/ws/client.go b/proxy/ws/client.go
index 16cf470..672277b 100644
--- a/proxy/ws/client.go
+++ b/proxy/ws/client.go
@@ -52,11 +52,11 @@ type ClientConn struct {
 // NewClientConn creates a new ws client connection.
 func (s *WS) NewClientConn(rc net.Conn) (*ClientConn, error) {
 	conn := &ClientConn{Conn: rc}
-	return conn, conn.Handshake(s.host, s.path)
+	return conn, conn.Handshake(s.host, s.path, s.origin)
 }
 
 // Handshake handshakes with the server using HTTP to request a protocol upgrade.
-func (c *ClientConn) Handshake(host, path string) error {
+func (c *ClientConn) Handshake(host, path, origin string) error {
 	clientKey := generateClientKey()
 
 	buf := pool.GetBytesBuffer()
@@ -66,7 +66,9 @@ func (c *ClientConn) Handshake(host, path string) error {
 	buf.WriteString("Host: " + host + "\r\n")
 	buf.WriteString("Upgrade: websocket\r\n")
 	buf.WriteString("Connection: Upgrade\r\n")
-	buf.WriteString("Origin: http://" + host + "\r\n")
+	if origin != "" {
+		buf.WriteString("Origin: http://" + origin + "\r\n")
+	}
 	buf.WriteString("Sec-WebSocket-Key: " + clientKey + "\r\n")
 	buf.WriteString("Sec-WebSocket-Protocol: binary\r\n")
 	buf.WriteString("Sec-WebSocket-Version: 13\r\n")
diff --git a/proxy/ws/server.go b/proxy/ws/server.go
index 2bd2b7d..9fcb52f 100644
--- a/proxy/ws/server.go
+++ b/proxy/ws/server.go
@@ -23,7 +23,7 @@ func NewWSServer(s string, p proxy.Proxy) (proxy.Server, error) {
 	// prepare transport listener
 	// TODO: check here
 	if len(transport) < 2 {
-		return nil, errors.New("[tls] malformd listener:" + s)
+		return nil, errors.New("[ws] malformd listener:" + s)
 	}
 
 	w, err := NewWS(transport[0], nil, p)
diff --git a/proxy/ws/ws.go b/proxy/ws/ws.go
index f35e439..7d13a1d 100644
--- a/proxy/ws/ws.go
+++ b/proxy/ws/ws.go
@@ -21,6 +21,7 @@ type WS struct {
 	addr   string
 	host   string
 	path   string
+	origin string
 
 	server proxy.Server
 }
@@ -46,6 +47,7 @@ func NewWS(s string, d proxy.Dialer, p proxy.Proxy) (*WS, error) {
 		addr:   addr,
 		host:   u.Query().Get("host"),
 		path:   u.Path,
+		origin: u.Query().Get("origin"),
 	}
 
 	if w.host == "" {