OWASP CSRF Prevention cheatsheet talks about two popular mitigations for CSRF - Origin/Referrer header check and Token based.

Are there any issues Origin/referrer check based mitigation that could have been caught by token based mitigation and vice versa? I am just trying to understand if we need to employ both of them in our applications. I would like to implement both of them if each of them has any drawback that could have been caught by the other one (If there is nothing as such - I would like to just select one of them for now and consider about adding other defense in depth measure at later point of time)


[1] https://www.owasp.org/index.php/Cros...on_Cheat_Sheet