These checks prevent, for example, a POST request fromsubdomain.example.com from succeeding against api.example.com. If youneed cross-origin unsafe requests, continuing the example, add' ' to this list (and/or ifrequests originate from an insecure page).