diff --git a/fetch.bs b/fetch.bs
index d169d7411..5446b42c4 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -1905,7 +1905,8 @@ source of security bugs. Please seek security review for features that deal with
  is not "<code><a for="embedder policy value">credentialless</a></code>", return true.</p>
 
  <li><p>If <var>request</var>'s <a for=request>origin</a> is <a>same origin</a> with
- <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a>, return true.</p>
+ <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a> and
+ <var>request</var>'s <a for=request>tainted origin flag</a> is not set, return true.</p>
 
  <li><p>Return false.</p>
 </ol>