The Web Origin Concept
This document defines the concept of an "origin," which is used by web browsers to isolate content retrieved from different parties. The origin concept is defined by a "same-origin" relation and a serialization algorithm. This document also defines an HTTP Origin header, which a user agent can use to describe the security contexts that caused the user agent to initiate an HTTP request. HTTP servers can use the Origin header to mitigate Cross-Site Request Forgery (CSRF) vulnerabilities.
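The same-origin relation, the serialization, and a server-side Origin header check can be sketched as follows. This is an added example, not text or code from the document itself. The function names, the trusted-URL list, the restriction to http and https, and the choice to reject a missing header are assumptions of the example.

```javascript
// Added example. Only http and https get a (scheme, host, port) origin here;
// every other scheme is treated as an opaque origin (assumption of the example).
const DEFAULT_PORTS = new Map([["http", 80], ["https", 443]]);

// Origin of a URL: a (scheme, host, port) triple, or null for an opaque origin.
function originOf(urlString) {
  let u;
  try { u = new URL(urlString); } catch { return null; }
  const scheme = u.protocol.slice(0, -1); // URL has already lowercased it
  if (!DEFAULT_PORTS.has(scheme) || u.hostname === "") return null;
  // URL reports "" when the port is the scheme default; make it explicit.
  const port = u.port === "" ? DEFAULT_PORTS.get(scheme) : Number(u.port);
  return { scheme, host: u.hostname, port };
}

// Same-origin relation: all three components match; opaque origins never match.
function sameOrigin(a, b) {
  return a !== null && b !== null &&
    a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Serialization: scheme://host, with :port only when it is not the default.
function serializeOrigin(o) {
  if (o === null) return "null";
  const suffix = o.port === DEFAULT_PORTS.get(o.scheme) ? "" : ":" + o.port;
  return o.scheme + "://" + o.host + suffix;
}

// CSRF check: a state-changing request passes only if its Origin header is a
// single serialized origin that is same-origin with a trusted URL.
// Rejecting a missing or "null" header is a policy choice of this example.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
function allowRequest(method, originHeader, trustedUrls) {
  if (SAFE_METHODS.has(method.toUpperCase())) return true;
  if (typeof originHeader !== "string") return false;
  const value = originHeader.trim();
  const claimed = originOf(value);
  // Reject anything not already in serialized form (path, userinfo, list).
  if (claimed === null || serializeOrigin(claimed) !== value.toLowerCase()) {
    return false;
  }
  return trustedUrls.some((t) => sameOrigin(claimed, originOf(t)));
}
```

Comparing parsed triples rather than raw strings is what keeps prefix and substring tricks in the header value from matching a trusted origin.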