Since the public-webapps list was never able to reconcile[1] HTML5's Origin
header (now renamed XXX-Origin[2]) with CORS's Origin header[3], we're left
with two headers with similar implementations and similar names. Due to this,
it may prudent to rename XXX-Origin to something without "Origin" in the name
to better distinguish between the two. I don't know what the header should be
renamed to ("Source"?), but no matter which name is chosen for the header, it
should be listed as a prohibited header for XHR.setRequestHeader()[4].
- Bil
[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0057.html
[2]
http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step
[3] http://www.w3.org/TR/cors/#origin-header
[4] http://www.w3.org/TR/XMLHttpRequest2/#author-request-headers
