You have turned on the XSRF protection engine. You can disable it in tweak setting by unchecking:
Only permit cpanel/whm/webmail to execute functions that have a referrer that matches one of the domains/ip on this server. This will help prevent XSRF attacks, but may break integration with other systems, login applications, and billing software.
Only permit cpanel/whm/webmail to execute functions that have a referrer that matches one of the domains/ip on this server. This will help prevent XSRF attacks, but may break integration with other systems, login applications, and billing software.