1. 2019. Attempt to plug an information leak represented by http status. https://github.com/kohler/hotcrp/commit/ 406a966aad00a762460fbc62cfb04a7532fc9fbd
2. 2022. Fetch Standard CORS protocol and credentials. https:// fetch.spec.whatwg.org/#cors-protocol-and-credentials
3. 2022. The HTTP archive. https://httparchive.org/
4. Tulip 5
5. Adam Barth, Joel Weinberger, and Dawn Song. 2009. Cross-Origin Javascript Capability Leaks: Detection, Exploitation, and Defense. In Proceedings of the 18th Conference on USENIX Security Symposium (Montreal, Canada) (SSYM'09). USENIX Association, USA, 187--198.