diff --git a/browser/extensions/shumway/content/shumway.js b/browser/extensions/shumway/content/shumway.js
index 25fe91817ed..ff7281e7f74 100644
--- a/browser/extensions/shumway/content/shumway.js
+++ b/browser/extensions/shumway/content/shumway.js
@@ -37092,7 +37092,7 @@ var BinaryFileReader = function binaryFileReader() {
       },
       readAsync: function (ondata, onerror, onopen, oncomplete, onhttpstatus) {
         var xhr = new XMLHttpRequest({
-            mozAnon: true, mozSystem: true
+            mozSystem: true
           });
         var url = this.url;
         xhr.open(this.method || 'GET', url, true);
diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
index 1988a5494d7..89cfe7cf77b 100644
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -383,7 +383,7 @@ nsXMLHttpRequest::InitParameters(bool aAnon, bool aSystem)
 
   // Chrome is always allowed access, so do the permission check only
   // for non-chrome pages.
-  if (!IsSystemXHR() && aSystem) {
+  if (!IsSystemXHR()) {
     nsCOMPtr<nsIDocument> doc = window->GetExtantDoc();
     if (!doc) {
       return;
diff --git a/content/base/src/nsXMLHttpRequest.h b/content/base/src/nsXMLHttpRequest.h
index 63f9e27e89f..e66da6040af 100644
--- a/content/base/src/nsXMLHttpRequest.h
+++ b/content/base/src/nsXMLHttpRequest.h
@@ -198,11 +198,6 @@ public:
       return nullptr;
     }
 
-    if (!aParams.mMozAnon && aParams.mMozSystem) {
-      aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
-      return nullptr;
-    }
-
     nsRefPtr<nsXMLHttpRequest> req = new nsXMLHttpRequest();
     req->Construct(principal->GetPrincipal(), global);
     req->InitParameters(aParams.mMozAnon, aParams.mMozSystem);
diff --git a/content/base/test/file_restrictedEventSource.sjs b/content/base/test/file_restrictedEventSource.sjs
index a48eb390081..d801e9ce802 100644
--- a/content/base/test/file_restrictedEventSource.sjs
+++ b/content/base/test/file_restrictedEventSource.sjs
@@ -5,7 +5,9 @@ function handleRequest(request, response)
        request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=") ||
       (request.queryString == "test=user1_evtsrc" &&
        request.hasHeader("Authorization") &&
-       request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=")) {
+       request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=" &&
+       request.hasHeader("Cookie") &&
+       request.getHeader("Cookie") == "test=5c")) {
     response.setStatusLine(null, 200, "OK");
     response.setHeader("Content-Type", "text/event-stream", false);
     response.setHeader("Access-Control-Allow-Origin", "http://mochi.test:8888", false);
diff --git a/content/base/test/mochitest.ini b/content/base/test/mochitest.ini
index 18666334a00..223d2b02c81 100644
--- a/content/base/test/mochitest.ini
+++ b/content/base/test/mochitest.ini
@@ -521,7 +521,6 @@ support-files =
 [test_bug895974.html]
 [test_bug902847.html]
 [test_bug907892.html]
-[test_bug927196.html]
 [test_caretPositionFromPoint.html]
 [test_classList.html]
 [test_copypaste.html]
diff --git a/content/base/test/test_XHR_parameters.html b/content/base/test/test_XHR_parameters.html
index b99bb9dfe24..4779c606d5f 100644
--- a/content/base/test/test_XHR_parameters.html
+++ b/content/base/test/test_XHR_parameters.html
@@ -53,11 +53,12 @@ function runTests() {
     }
     ok(xhr instanceof XMLHttpRequest, "passed " + JSON.stringify(value));
 
-    // If the page doesnt have privileges to create a system XHR,
-    // this flag will always be false no matter what is passed.
-    let expectedAnon = Boolean(value && value.mozAnon);
+    // If the page doesnt have privileges to create a system or anon XHR,
+    // these flags will always be false no matter what is passed.
+    let expectedAnon = false;
     let expectedSystem = false;
     if (havePrivileges) {
+      expectedAnon = Boolean(value && value.mozAnon);
       expectedSystem = Boolean(value && value.mozSystem);
     }
     is(xhr.mozAnon, expectedAnon, "testing mozAnon");
@@ -83,12 +84,13 @@ function runTests() {
 
   // ...and once with privileges.
   havePrivileges = true;
-  SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], function() {
-    validParameters.forEach(testValidParameter);
-    invalidParameters.forEach(testInvalidParameter);
+  SpecialPowers.addPermission("systemXHR", true, document);
 
-    SimpleTest.finish();
-  });
+  validParameters.forEach(testValidParameter);
+  invalidParameters.forEach(testInvalidParameter);
+  SpecialPowers.removePermission("systemXHR", document);
+
+  SimpleTest.finish();
 }
 
 </script>
diff --git a/content/base/test/test_XHR_system.html b/content/base/test/test_XHR_system.html
index 0a50282edec..4bdc4fe82a6 100644
--- a/content/base/test/test_XHR_system.html
+++ b/content/base/test/test_XHR_system.html
@@ -26,7 +26,7 @@ tests.push(function test_cross_origin() {
 
   is(window.location.hostname, "mochi.test", "correct origin");
 
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  let xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", CROSSSITE_URL);
   xhr.onload = function onload() {
@@ -45,7 +45,7 @@ tests.push(function test_cross_origin() {
 tests.push(function test_file_uri() {
   // System XHR is not permitted to access file:/// URIs.
 
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  let xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", PROTECTED_URL);
   let error;
@@ -64,7 +64,7 @@ tests.push(function test_file_uri() {
 tests.push(function test_redirect_to_file_uri() {
   // System XHR won't load file:/// URIs even if an HTTP resource redirects there.
 
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  let xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", REDIRECT_URL);
   xhr.onload = function onload() {
diff --git a/content/base/test/test_bug338583.html b/content/base/test/test_bug338583.html
index b63810b09d2..a189a978544 100644
--- a/content/base/test/test_bug338583.html
+++ b/content/base/test/test_bug338583.html
@@ -464,8 +464,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=338583
 
   function doTest5_c(test_id)
   {
-    // credentials using the auth cache
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    // credentials using the auth cache and cookies
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     // also, test mixed mode UI
     xhr.open("GET", "https://example.com/tests/content/base/test/file_restrictedEventSource.sjs?test=user1_xhr", true, "user 1", "password 1");
@@ -494,7 +494,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=338583
 
   function doTest5_d(test_id)
   {
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     xhr.open("GET", "https://example.com/tests/content/base/test/file_restrictedEventSource.sjs?test=user2_xhr", true, "user 2", "password 2");
     xhr.send();
@@ -521,8 +521,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=338583
 
   function doTest5_e(test_id)
   {
-    // credentials using the auth cache
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    // credentials using the auth cache and cookies
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     xhr.open("GET", "http://example.org/tests/content/base/test/file_restrictedEventSource.sjs?test=user1_xhr", true, "user 1", "password 1");
     xhr.send();
@@ -550,7 +550,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=338583
 
   function doTest5_f(test_id)
   {
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     xhr.open("GET", "http://example.org/tests/content/base/test/file_restrictedEventSource.sjs?test=user2_xhr", true, "user 2", "password 2");
     xhr.send();
diff --git a/content/base/test/test_bug426308.html b/content/base/test/test_bug426308.html
index 70a93fef0e3..1654824596c 100644
--- a/content/base/test/test_bug426308.html
+++ b/content/base/test/test_bug426308.html
@@ -22,7 +22,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=426308
 const SJS_URL = "http://example.org:80/tests/content/base/test/bug426308-redirect.sjs";
 
 function startTest() {
-  var req = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var req = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   req.open("GET", SJS_URL + "?" + window.location.href, false);
   req.send(null);
 
diff --git a/content/base/test/test_bug431701.html b/content/base/test/test_bug431701.html
index 9f6201b557d..e17e4418537 100644
--- a/content/base/test/test_bug431701.html
+++ b/content/base/test/test_bug431701.html
@@ -51,7 +51,7 @@ function createDoc() {
 function xhrDoc(idx) {
   return function() {
     // Defy same-origin restrictions!
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.open("GET", docSources[idx], false);
     xhr.send();
     return xhr.responseXML;
diff --git a/content/base/test/test_bug804395.html b/content/base/test/test_bug804395.html
index 61cbcbab650..f890595c4a5 100644
--- a/content/base/test/test_bug804395.html
+++ b/content/base/test/test_bug804395.html
@@ -19,7 +19,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=804395
 <script type="application/javascript">
 
 function test200() {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   xhr.open('GET', 'jar:http://example.org/tests/content/base/test/file_bug804395.jar!/foo.bar', true);
   xhr.onreadystatechange = function() {
     if (xhr.readyState == 4) {
@@ -31,7 +31,7 @@ function test200() {
 }
 
 function test404() {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   xhr.open('GET', 'jar:http://example.org/tests/content/base/test/file_bug804395.jar!/foo.do_not_exist', true);
   xhr.onreadystatechange = function() {
     if (xhr.readyState == 4) {
@@ -43,7 +43,7 @@ function test404() {
 }
 
 function test0() {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   xhr.open('GET', 'jar:http://example.org/tests/content/base/test/file_bug804395.jar!/foo.bar', true);
   ok(xhr.status == 0, "Not Sent request must have status 0");
   runTests();
diff --git a/content/base/test/test_bug927196.html b/content/base/test/test_bug927196.html
deleted file mode 100644
index 1d6f6784a85..00000000000
--- a/content/base/test/test_bug927196.html
+++ /dev/null
@@ -1,64 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=426308
--->
-<head>
-  <title>Test for Bug 426308</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body>
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=927196">Mozilla Bug 927196</a>
-<p id="display"></p>
-<div id="content" style="display: none">
-  
-</div>
-<pre id="test">
-<script class="testbody" type="text/javascript">
-
-/** Test for Bug 927196 **/
-
-function startTest() {
-  try {
-    req = new XMLHttpRequest({mozSystem: true});
-    ok(false, "Should not be reached");
-  } catch(e) {
-    is(e.name, "SecurityError", "XMLHttpRequest should not be mozSystem");
-  }
-
-  req = new XMLHttpRequest({mozAnon: true});
-  is(req.mozAnon, true, "XMLHttpRequest should be mozAnon");
-  is(req.mozSystem, false, "XMLHttpRequest should not be mozSystem");
-
-  req = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(req.mozAnon, true, "XMLHttpRequest should be mozAnon");
-  is(req.mozSystem, true, "XMLHttpRequest should be mozSystem");
-
-  try {
-    req = new XMLHttpRequest({mozAnon: false, mozSystem: true});
-    ok(false, "Should not be reached");
-  } catch(e) {
-    is(e.name, "SecurityError", "XMLHttpRequest should throw SecurityError");
-  }
-
-  SimpleTest.finish();
-}
-
-SimpleTest.waitForExplicitFinish();
-
-var req = new XMLHttpRequest({mozAnon: true});
-is(req.mozAnon, true, "XMLHttpRequest should be mozAnon");
-is(req.mozSystem, false, "XMLHttpRequest should not be mozSystem");
-
-req = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-is(req.mozAnon, false, "XMLHttpRequest should be mozAnon");
-is(req.mozSystem, false, "XMLHttpRequest should not be mozSystem");
-
-addLoadEvent(function() {
-   SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], startTest);
-});
-</script>
-</pre>
-</body>
-</html>
diff --git a/content/base/test/test_xhr_forbidden_headers.html b/content/base/test/test_xhr_forbidden_headers.html
index 6e2d20ec001..c6dd919ff04 100644
--- a/content/base/test/test_xhr_forbidden_headers.html
+++ b/content/base/test/test_xhr_forbidden_headers.html
@@ -70,7 +70,7 @@ function  startTest() {
   }
 
   // Try setting headers in privileged context
-  request = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  request = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   request.open("GET", window.location.href);
   for (i = 0; i < headers.length; i++)
     request.setRequestHeader(headers[i], "test" + i);
diff --git a/dom/permission/tests/test_systemXHR.html b/dom/permission/tests/test_systemXHR.html
index 454e2e125e3..dd16fddfaf9 100644
--- a/dom/permission/tests/test_systemXHR.html
+++ b/dom/permission/tests/test_systemXHR.html
@@ -17,7 +17,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=815105
 <script type="application/javascript;version=1.8" src="file_framework.js"></script>
 <script type="application/javascript;version=1.8">
 function verifier(success, failure) {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozSystem: true});
   if (xhr.mozSystem === true) {
     success("systemXHR");
   } else {
diff --git a/dom/workers/XMLHttpRequest.cpp b/dom/workers/XMLHttpRequest.cpp
index 962cf895438..36308377817 100644
--- a/dom/workers/XMLHttpRequest.cpp
+++ b/dom/workers/XMLHttpRequest.cpp
@@ -1499,11 +1499,6 @@ XMLHttpRequest::Constructor(const GlobalObject& aGlobal,
   WorkerPrivate* workerPrivate = GetWorkerPrivateFromContext(cx);
   MOZ_ASSERT(workerPrivate);
 
-  if (!aParams.mMozAnon && aParams.mMozSystem) {
-    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
-    return nullptr;
-  }
-
   nsRefPtr<XMLHttpRequest> xhr = new XMLHttpRequest(workerPrivate);
 
   if (workerPrivate->XHRParamsAllowed()) {
diff --git a/dom/workers/test/test_xhr_system.html b/dom/workers/test/test_xhr_system.html
index 4eae447af92..6a80b7aa0db 100644
--- a/dom/workers/test/test_xhr_system.html
+++ b/dom/workers/test/test_xhr_system.html
@@ -26,6 +26,8 @@ function message(event) {
 };
 
 function test1() {
+  // ...and once with privileges.
+  SpecialPowers.addPermission("systemXHR", true, document);
   var worker = new Worker("test_xhr_system.js");
   worker.onmessage = message;
   worker.postMessage(true);
@@ -34,6 +36,7 @@ function test1() {
 var tests = [ test1 ];
 function run() {
   if (!tests.length) {
+    SpecialPowers.removePermission("systemXHR", document);
     SimpleTest.finish();
     return;
   }
@@ -43,8 +46,7 @@ function run() {
 }
 
 SimpleTest.waitForExplicitFinish();
-
-SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], run);
+run();
 
 </script>
 </pre>
diff --git a/dom/workers/test/test_xhr_system.js b/dom/workers/test/test_xhr_system.js
index 64547492308..2f6415bf34b 100644
--- a/dom/workers/test/test_xhr_system.js
+++ b/dom/workers/test/test_xhr_system.js
@@ -11,9 +11,9 @@ self.onmessage = function onmessage(event) {
   // An XHR with system privileges will be able to do cross-site calls.
 
   const TEST_URL = "http://example.com/tests/content/base/test/test_XHR_system.html";
-  is(location.hostname, "mochi.test", "hostname should be mochi.test");
+  is(location.hostname, "mochi.test", "hostname");
 
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", TEST_URL);
   xhr.onload = function onload() {
diff --git a/testing/mochitest/manifest.webapp b/testing/mochitest/manifest.webapp
index 535a5f10a93..c45b52d3ca0 100644
--- a/testing/mochitest/manifest.webapp
+++ b/testing/mochitest/manifest.webapp
@@ -27,6 +27,7 @@
     "idle":{},
     "network-events":{},
     "embed-apps":{},
+    "systemXHR":{},
     "audio-channel-content":{},
     "audio-channel-alarm":{}
   },