diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 6e0770b..3d9068f 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -246,8 +246,8 @@ var XSS = (() => {
           request.requestBody && request.requestBody.formData &&
             ic.checkPost(request.requestBody.formData, skipParams)
         : XSS.xssBlockUnscannedPOST &&
-          request.documentUrl && // exclude non-document POSTs, such as url bar searches
-          ns.requestCan(request, "script") && _("UnscannedXPost")
+          (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
+          ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
       );
 
       let protectName = ic.nameAssignment;