Whitepaper entitled “Exploiting the XmlHttpRequest object in IE – Referrer spoofing, and a lot more.”
You can download it from the following link: https://packetstormsecurity.com/files/download/40251/xmlhttpRequestpaper.txt
Source: https://packetstormsecurity.com/files/40251/xmlhttpRequestpaper.txt.html