Canmove, confirm
1,537
edits
Changes
no edit summary
<i>The HTTP Request header Sec-From, has changed from "Origin" to avoid conflict with the similarly named header in [http://www.w3.org/TR/2009/WD-cors-20090317/ Cross-Origin Resource Sharing].</i>
= Summary Origin header proposal for CSRF and clickjacking mitigation =
This page contains collected thoughts generated in discussion and deep thinking about implementing some type of [http://people.mozilla.org/~bsterne/content-security-policy/origin-header-proposal.html Origin-like header].
