If the underlying hypothesis that overworked developers are bad developers is true (and I believe it is), then it should be a competitive advantage to not overwork your developers.
Yeah, except what this actually means is, "You don't have any interests outside of work and you do not have kids that may take you away from work and you don't have a SO/spouse to tell you that you're being taken advantage of."
It's not really about your interests, it's about you being naive.
That's the kind of solution I've used before when performing reflection in a tight loop. The important thing there is to cache the result of the compiled expression or the dynamic IL code because the compile time/emit is slower than a single use of reflection.
You can use it to identify unsophisticated attacks, sure.
However, if someone has the ability to make malicious HTTP requests on my behalf using my browser can you really be sure that they don't have the ability to make malicious HTTP requests with altered headers through a malicious extension or a browser specific exploit or some other vector?
You still have to do all the other attack mitigation strategies in addition to checking the Origin header, and I'm not sure the extra complexity buys you anything in the long-term.