On Fri, Mar 8, 2013 at 6:21 PM, Adam Barth <w3c at adambarth.com> wrote: > I would recommend including an Origin header in every non-GET request > (and, of course, in some GET requests because of CORS). That sounds fairly straightforward. Thanks! -- http://annevankesteren.nl/