On Mon, 29 Sep 2008, Anne van Kesteren wrote:
A cross-site XMLHttpRequest request would always include Origin. I haven't really seen other specifications start using it yet, but I believe there are some experimental implementations for including it in cross-site <form> POST requests.
Yup, I mean the non-XMLHttpRequest "Origin" header as proposed / implemented by Adam Barth and Collin Jackson for generic POSTs (though I might be not doing the implementation justice, so it's probably best for them to chime in).
/mz
