Seems like "The Cross-Site Request Forgery killer" might be a better title. It sounds like I can probably stop using anti-csrf tokens 8-10 years from now. I still support IE8.