% Internet-Draft, revision 00 (2018-12-20): proposes a request header that the
% user agent would send with every XMLHttpRequest, so that a server can block
% requests that were not supposed to arrive via XMLHttpRequest.
%
% Citation caveat: the entry marks this as "Work in Progress". Internet-Drafts
% are not standards and lapse after six months unless revised. The draft name
% carries no draft-ietf- prefix, so it appears to be an individual submission
% rather than a working-group document (confirm on the datatracker page).
% Check current user-agent support before citing the proposed header as a
% deployed CSRF or XSS control.
@techreport{request-header-originated-with-00,
  author      = {Riffat, Noman},
  title       = {{Request Header Originated With}},
  type        = {Internet-Draft},
  number      = {draft-request-header-originated-with-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2018,
  month       = dec,
  day         = 20,
  pagetotal   = 5,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-request-header-originated-with/00/},
  abstract    = {This document proposes a new Request Header that must be initiated every time a user-agent sends XMLHttpRequest. The aim of this header is to limit the possibilities of XSS to RCE and preventing Javascript from stealing CSRF tokens on other URLs of same domain. This will allow developers to block request if it wasn't supposed to be sent via XMLHttpRequest.},
}