diff --git a/5.0/en/0x50-V50-Web-Frontend-Security.md b/5.0/en/0x50-V50-Web-Frontend-Security.md index 5bd03dc639..08bfc07bd2 100644 --- a/5.0/en/0x50-V50-Web-Frontend-Security.md +++ b/5.0/en/0x50-V50-Web-Frontend-Security.md @@ -44,9 +44,11 @@ HTTP responses must include security headers to set rules to how browsers can se ## V50.4 Browser Origin Separation -When accepting a request on the server side, we need to be sure it is initiated by the application itself or by a trusted party. +When accepting a request to sensitive functionality on the server side, we need to be sure it is initiated by the application itself or by a trusted party and has not been forged by an attacker. -The keywords here are browser security policies like Same Origin Policy for JavaScript and also SameSite logic for cookies. +Sensitive functionality in this context could include accepting form posts for authenticated and non-authenticated users (such as an authentication request), state changing operations, resource-demanding functionality (such as data export), etc. + +The key protections here are browser security policies like Same Origin Policy for JavaScript and also SameSite logic for cookies. Another common protection is the CORS preflight mechanism. This mechanism will be critical for endpoints designed to be called from a different origin, but it can also be a useful request forgery prevention mechanism for endpoints which are not designed to be called from a different origin. The category should contain requirements with ideas:
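Review bot: the new third paragraph's statement that the CORS preflight mechanism "can also be a useful request forgery prevention mechanism for endpoints which are not designed to be called from a different origin" only holds when the request is one the browser will preflight (for example one that carries a custom header or a non-form content type); a plain cross-origin form POST triggers no preflight and reaches the server regardless of the CORS configuration, so readers may wrongly conclude that CORS alone protects such endpoints. Suggest qualifying it, e.g. "...for endpoints which are not designed to be called from a different origin, provided the endpoint only accepts requests that trigger a preflight (such as those requiring a custom header or a non-form content type)." Minor wording in the new second paragraph: "state changing operations" should be hyphenated as "state-changing operations", and "could include ... etc." is redundant since "could include" already signals a non-exhaustive list.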