The user agent MAY include an Origin header in any HTTP request.[…]Whenever a user agent issues an HTTP request from a “privacy-sensitive” context, the user agent MUST send the value “null” in the Origin header.NOTE: This document does not define the notion of a privacy-sensitive context. Applications that generate HTTP requests can designate contexts as privacy-sensitive to impose restrictions on how user agents generate Origin headers.
Copyright © 1999-2013 BZ Media LLC, all rights reserved. Legal and Privacy
Phone: +1 (631) 421-4158 • E-mail: firstname.lastname@example.org