socket.io saves the request object from the original request that initiated the socket.io connection in socket.request .
In this request object:
request.url request.headers
The .url property will be the URL path (everything after the protocol, hostname and port).
The .headers property will contain any headers of the original request. In a collaborative browser, if the request is a cross-search request, then there will be an origin header that tells you which domain belongs to the web page from which the request was initiated (it can also be present on one server, the initial request too). This "origin" header will be accurate when using a reliable browser such as Chrome, IE, Safari, Firefox, etc., but it can be easily faked if it comes from any other agent (for example, another server or script).