diff --git a/docshell/base/LoadContext.cpp b/docshell/base/LoadContext.cpp
index 6861ecac3d61..7bf55a466590 100644
--- a/docshell/base/LoadContext.cpp
+++ b/docshell/base/LoadContext.cpp
@@ -8,22 +8,12 @@
 #include "nsIScriptSecurityManager.h"
 #include "nsServiceManagerUtils.h"
 #include "nsContentUtils.h"
+#include "mozIApplication.h"
 
 namespace mozilla {
 
 NS_IMPL_ISUPPORTS1(LoadContext, nsILoadContext);
 
-LoadContext::LoadContext(const IPC::SerializedLoadContext& aToCopy,
-                         nsIDOMElement* aTopFrameElemenet)
-  : mIsNotNull(aToCopy.mIsNotNull)
-  , mIsContent(aToCopy.mIsContent)
-  , mUsePrivateBrowsing(aToCopy.mUsePrivateBrowsing)
-  , mIsInBrowserElement(aToCopy.mIsInBrowserElement)
-  , mAppId(aToCopy.mAppId)
-  , mTopFrameElement(do_GetWeakReference(aTopFrameElemenet))
-{}
-
-
 //-----------------------------------------------------------------------------
 // LoadContext::nsILoadContext
 //-----------------------------------------------------------------------------
diff --git a/docshell/base/LoadContext.h b/docshell/base/LoadContext.h
index 29961ca44ac7..c1ba521b9bbd 100644
--- a/docshell/base/LoadContext.h
+++ b/docshell/base/LoadContext.h
@@ -10,6 +10,9 @@
 #include "SerializedLoadContext.h"
 #include "mozilla/Attributes.h"
 #include "nsWeakReference.h"
+#include "nsIDOMElement.h"
+
+class mozIApplication;
 
 namespace mozilla {
 
@@ -29,17 +32,19 @@ public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSILOADCONTEXT
 
-  LoadContext(const IPC::SerializedLoadContext& aToCopy)
+  // AppId/inBrowser arguments override those in SerializedLoadContext provided
+  // by child process.
+  LoadContext(const IPC::SerializedLoadContext& aToCopy,
+              nsIDOMElement* aTopFrameElement,
+              uint32_t aAppId, bool aInBrowser)
     : mIsNotNull(aToCopy.mIsNotNull)
     , mIsContent(aToCopy.mIsContent)
     , mUsePrivateBrowsing(aToCopy.mUsePrivateBrowsing)
-    , mIsInBrowserElement(aToCopy.mIsInBrowserElement)
-    , mAppId(aToCopy.mAppId)
+    , mIsInBrowserElement(aInBrowser)
+    , mAppId(aAppId)
+    , mTopFrameElement(do_GetWeakReference(aTopFrameElement))
   {}
 
-  LoadContext(const IPC::SerializedLoadContext& aToCopy,
-              nsIDOMElement* aTopFrameElemenet);
-
 private:
   bool          mIsNotNull;
   bool          mIsContent;
diff --git a/dom/ipc/PBrowser.ipdl b/dom/ipc/PBrowser.ipdl
index e1ae01bf0119..5526967a5128 100644
--- a/dom/ipc/PBrowser.ipdl
+++ b/dom/ipc/PBrowser.ipdl
@@ -214,8 +214,6 @@ parent:
      *   URI of the manifest to fetch, the application cache group ID
      * @param documentURI
      *   URI of the document that referred the manifest
-     * @param clientID
-     *   The group cache version identifier to use
      * @param stickDocument
      *   True if the update was initiated by a document load that referred
      *   a manifest.
@@ -233,7 +231,6 @@ parent:
      *   has already been cached (stickDocument=false).
      */
     POfflineCacheUpdate(URIParams manifestURI, URIParams documentURI,
-                        bool isInBrowserElement, uint32_t appId,
                         bool stickDocument);
 
     sync PIndexedDB(nsCString asciiOrigin)
diff --git a/dom/ipc/TabChild.cpp b/dom/ipc/TabChild.cpp
index 55e8347756b9..7ebd1a3430c3 100644
--- a/dom/ipc/TabChild.cpp
+++ b/dom/ipc/TabChild.cpp
@@ -1570,8 +1570,6 @@ TabChild::RecvActivateFrameEvent(const nsString& aType, const bool& capture)
 POfflineCacheUpdateChild*
 TabChild::AllocPOfflineCacheUpdate(const URIParams& manifestURI,
                                    const URIParams& documentURI,
-                                   const bool& isInBrowserElement,
-                                   const uint32_t& appId,
                                    const bool& stickDocument)
 {
   NS_RUNTIMEABORT("unused");
diff --git a/dom/ipc/TabChild.h b/dom/ipc/TabChild.h
index bc9e06d0fc11..e44ae9aa1835 100644
--- a/dom/ipc/TabChild.h
+++ b/dom/ipc/TabChild.h
@@ -277,8 +277,6 @@ public:
     virtual POfflineCacheUpdateChild* AllocPOfflineCacheUpdate(
             const URIParams& manifestURI,
             const URIParams& documentURI,
-            const bool& isInBrowserElement,
-            const uint32_t& appId,
             const bool& stickDocument);
     virtual bool DeallocPOfflineCacheUpdate(POfflineCacheUpdateChild* offlineCacheUpdate);
 
diff --git a/dom/ipc/TabParent.cpp b/dom/ipc/TabParent.cpp
index 492c14df6ee4..3a0c2265c100 100644
--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@@ -1128,15 +1128,13 @@ TabParent::DeallocPRenderFrame(PRenderFrameParent* aFrame)
 mozilla::docshell::POfflineCacheUpdateParent*
 TabParent::AllocPOfflineCacheUpdate(const URIParams& aManifestURI,
                                     const URIParams& aDocumentURI,
-                                    const bool& isInBrowserElement,
-                                    const uint32_t& appId,
                                     const bool& stickDocument)
 {
   nsRefPtr<mozilla::docshell::OfflineCacheUpdateParent> update =
-    new mozilla::docshell::OfflineCacheUpdateParent();
+    new mozilla::docshell::OfflineCacheUpdateParent(OwnOrContainingAppId(),
+                                                    IsBrowserElement());
 
-  nsresult rv = update->Schedule(aManifestURI, aDocumentURI,
-                                 isInBrowserElement, appId, stickDocument);
+  nsresult rv = update->Schedule(aManifestURI, aDocumentURI, stickDocument);
   if (NS_FAILED(rv))
     return nullptr;
 
diff --git a/dom/ipc/TabParent.h b/dom/ipc/TabParent.h
index c44528fc8f70..bd640e3c9b7d 100644
--- a/dom/ipc/TabParent.h
+++ b/dom/ipc/TabParent.h
@@ -191,8 +191,6 @@ public:
     virtual POfflineCacheUpdateParent* AllocPOfflineCacheUpdate(
             const URIParams& aManifestURI,
             const URIParams& aDocumentURI,
-            const bool& isInBrowserElement,
-            const uint32_t& appId,
             const bool& stickDocument);
     virtual bool DeallocPOfflineCacheUpdate(POfflineCacheUpdateParent* actor);
 
diff --git a/modules/libpref/src/init/all.js b/modules/libpref/src/init/all.js
index eea68723e883..b3a59502b5ed 100644
--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@@ -770,6 +770,9 @@ pref("security.fileuri.strict_origin_policy", true);
 // the results
 pref("network.allow-experiments", true);
 
+// Turn off interprocess security checks. Needed to run xpcshell tests.
+pref("network.disable.ipc.security", false);
+
 // Default action for unlisted external protocol handlers
 pref("network.protocol-handler.external-default", true);      // OK to load
 pref("network.protocol-handler.warn-external-default", true); // warn before load
diff --git a/netwerk/cookie/CookieServiceChild.cpp b/netwerk/cookie/CookieServiceChild.cpp
index a20b33bff158..d0e88c578103 100644
--- a/netwerk/cookie/CookieServiceChild.cpp
+++ b/netwerk/cookie/CookieServiceChild.cpp
@@ -4,12 +4,14 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/net/CookieServiceChild.h"
-
+#include "mozilla/dom/TabChild.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/net/NeckoChild.h"
 #include "nsIURI.h"
 #include "nsIPrefService.h"
 #include "nsIPrefBranch.h"
+#include "nsITabChild.h"
+#include "nsNetUtil.h"
 
 using namespace mozilla::ipc;
 
@@ -115,10 +117,19 @@ CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
   URIParams uriParams;
   SerializeURI(aHostURI, uriParams);
 
+  nsCOMPtr<nsITabChild> iTabChild;
+  mozilla::dom::TabChild* tabChild = nullptr;
+  if (aChannel) {
+    NS_QueryNotificationCallbacks(aChannel, iTabChild);
+    if (iTabChild) {
+      tabChild = static_cast<mozilla::dom::TabChild*>(iTabChild.get());
+    }
+  }
+
   // Synchronously call the parent.
   nsAutoCString result;
   SendGetCookieString(uriParams, !!isForeign, aFromHttp,
-                      IPC::SerializedLoadContext(aChannel), &result);
+                      IPC::SerializedLoadContext(aChannel), tabChild, &result);
   if (!result.IsEmpty())
     *aCookieString = ToNewCString(result);
 
@@ -148,9 +159,18 @@ CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
   URIParams uriParams;
   SerializeURI(aHostURI, uriParams);
 
+  nsCOMPtr<nsITabChild> iTabChild;
+  mozilla::dom::TabChild* tabChild = nullptr;
+  if (aChannel) {
+    NS_QueryNotificationCallbacks(aChannel, iTabChild);
+    if (iTabChild) {
+      tabChild = static_cast<mozilla::dom::TabChild*>(iTabChild.get());
+    }
+  }
+
   // Synchronously call the parent.
   SendSetCookieString(uriParams, !!isForeign, cookieString, serverTime,
-                      aFromHttp, IPC::SerializedLoadContext(aChannel));
+                      aFromHttp, IPC::SerializedLoadContext(aChannel), tabChild);
   return NS_OK;
 }
 
diff --git a/netwerk/cookie/CookieServiceParent.cpp b/netwerk/cookie/CookieServiceParent.cpp
index 90cb528574f6..ef9655a69c80 100644
--- a/netwerk/cookie/CookieServiceParent.cpp
+++ b/netwerk/cookie/CookieServiceParent.cpp
@@ -4,32 +4,44 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/net/CookieServiceParent.h"
+#include "mozilla/dom/PBrowserParent.h"
+#include "mozilla/net/NeckoParent.h"
 
 #include "mozilla/ipc/URIUtils.h"
 #include "nsCookieService.h"
 #include "nsNetUtil.h"
+#include "nsPrintfCString.h"
 
 using namespace mozilla::ipc;
+using mozilla::dom::PBrowserParent;
+using mozilla::net::NeckoParent;
 
-static void
-GetAppInfoFromLoadContext(const IPC::SerializedLoadContext &aLoadContext,
-                          uint32_t& aAppId,
-                          bool& aIsInBrowserElement,
-                          bool& aIsPrivate)
+MOZ_WARN_UNUSED_RESULT
+static bool
+GetAppInfoFromParams(const IPC::SerializedLoadContext &aLoadContext,
+                     PBrowserParent* aBrowser,
+                     uint32_t& aAppId,
+                     bool& aIsInBrowserElement,
+                     bool& aIsPrivate) 
 {
-  // TODO: bug 782542: what to do when we get null loadContext?  For now assume
-  // NECKO_NO_APP_ID.
   aAppId = NECKO_NO_APP_ID;
   aIsInBrowserElement = false;
   aIsPrivate = false;
 
-  if (aLoadContext.IsNotNull()) {
-    aAppId = aLoadContext.mAppId;
-    aIsInBrowserElement = aLoadContext.mIsInBrowserElement;
+  const char* error = NeckoParent::GetValidatedAppInfo(aLoadContext, aBrowser,
+                                                       &aAppId,
+                                                       &aIsInBrowserElement);
+  if (error) {
+    NS_WARNING(nsPrintfCString("CookieServiceParent: GetAppInfoFromParams: "
+                               "FATAL error: %s: KILLING CHILD PROCESS\n",
+                               error).get());
+    return false;
   }
 
   if (aLoadContext.IsPrivateBitValid())
     aIsPrivate = aLoadContext.mUsePrivateBrowsing;
+
+  return true;
 }
 
 namespace mozilla {
@@ -57,6 +69,7 @@ CookieServiceParent::RecvGetCookieString(const URIParams& aHost,
                                          const bool& aFromHttp,
                                          const IPC::SerializedLoadContext&
                                                aLoadContext,
+                                         PBrowserParent* aBrowser,
                                          nsCString* aResult)
 {
   if (!mCookieService)
@@ -70,10 +83,15 @@ CookieServiceParent::RecvGetCookieString(const URIParams& aHost,
 
   uint32_t appId;
   bool isInBrowserElement, isPrivate;
-  GetAppInfoFromLoadContext(aLoadContext, appId, isInBrowserElement, isPrivate);
+  bool valid = GetAppInfoFromParams(aLoadContext, aBrowser, appId,
+                                    isInBrowserElement, isPrivate);
+  if (!valid) {
+    return false;
+  }
 
   mCookieService->GetCookieStringInternal(hostURI, aIsForeign, aFromHttp, appId,
-                                          isInBrowserElement, isPrivate, *aResult);
+                                          isInBrowserElement, isPrivate,
+                                          *aResult);
   return true;
 }
 
@@ -84,7 +102,8 @@ CookieServiceParent::RecvSetCookieString(const URIParams& aHost,
                                          const nsCString& aServerTime,
                                          const bool& aFromHttp,
                                          const IPC::SerializedLoadContext&
-                                               aLoadContext)
+                                               aLoadContext,
+                                         PBrowserParent* aBrowser)
 {
   if (!mCookieService)
     return true;
@@ -97,7 +116,11 @@ CookieServiceParent::RecvSetCookieString(const URIParams& aHost,
 
   uint32_t appId;
   bool isInBrowserElement, isPrivate;
-  GetAppInfoFromLoadContext(aLoadContext, appId, isInBrowserElement, isPrivate);
+  bool valid = GetAppInfoFromParams(aLoadContext, aBrowser, appId,
+                                    isInBrowserElement, isPrivate);
+  if (!valid) {
+    return false;
+  }
 
   nsDependentCString cookieString(aCookieString, 0);
   //TODO: bug 812475, pass a real channel object
diff --git a/netwerk/cookie/CookieServiceParent.h b/netwerk/cookie/CookieServiceParent.h
index d51a209287ff..ec228ae6a67e 100644
--- a/netwerk/cookie/CookieServiceParent.h
+++ b/netwerk/cookie/CookieServiceParent.h
@@ -13,6 +13,9 @@ class nsCookieService;
 class nsIIOService;
 
 namespace mozilla {
+namespace dom {
+  class PBrowserParent;
+}
 namespace net {
 
 class CookieServiceParent : public PCookieServiceParent
@@ -27,6 +30,7 @@ protected:
                                    const bool& aFromHttp,
                                    const IPC::SerializedLoadContext&
                                          loadContext,
+                                   mozilla::dom::PBrowserParent* aBrowser,
                                    nsCString* aResult);
 
   virtual bool RecvSetCookieString(const URIParams& aHost,
@@ -35,7 +39,8 @@ protected:
                                    const nsCString& aServerTime,
                                    const bool& aFromHttp,
                                    const IPC::SerializedLoadContext&
-                                         loadContext);
+                                         loadContext,
+                                   mozilla::dom::PBrowserParent* aBrowser);
 
   nsRefPtr<nsCookieService> mCookieService;
 };
diff --git a/netwerk/cookie/PCookieService.ipdl b/netwerk/cookie/PCookieService.ipdl
index 768eabf1f53e..5a004a9b1581 100644
--- a/netwerk/cookie/PCookieService.ipdl
+++ b/netwerk/cookie/PCookieService.ipdl
@@ -6,6 +6,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 include protocol PNecko;
+include protocol PBrowser;
 include URIParams;
 
 include "SerializedLoadContext.h";
@@ -64,7 +65,8 @@ parent:
   sync GetCookieString(URIParams host,
                        bool isForeign,
                        bool fromHttp,
-                       SerializedLoadContext loadContext)
+                       SerializedLoadContext loadContext,
+                       nullable PBrowser browser)
        returns (nsCString result);
 
   /*
@@ -101,7 +103,8 @@ parent:
                   nsCString cookieString,
                   nsCString serverTime,
                   bool fromHttp,
-                  SerializedLoadContext loadContext);
+                  SerializedLoadContext loadContext,
+                  nullable PBrowser browser);
 
   __delete__();
 };
diff --git a/netwerk/ipc/NeckoChild.cpp b/netwerk/ipc/NeckoChild.cpp
index d47242928604..eb415269a2d0 100644
--- a/netwerk/ipc/NeckoChild.cpp
+++ b/netwerk/ipc/NeckoChild.cpp
@@ -14,17 +14,22 @@
 #include "mozilla/net/FTPChannelChild.h"
 #include "mozilla/net/WebSocketChannelChild.h"
 #include "mozilla/dom/network/TCPSocketChild.h"
+#include "mozilla/Preferences.h"
 
 using mozilla::dom::TCPSocketChild;
 
 namespace mozilla {
 namespace net {
 
+static bool gDisableIPCSecurity = false;
+static const char kPrefDisableIPCSecurity[] = "network.disable.ipc.security";
+
 PNeckoChild *gNeckoChild = nullptr;
 
 // C++ file contents
 NeckoChild::NeckoChild()
 {
+  Preferences::AddBoolVarCache(&gDisableIPCSecurity, kPrefDisableIPCSecurity);
 }
 
 NeckoChild::~NeckoChild()
@@ -80,7 +85,8 @@ NeckoChild::DeallocPHttpChannel(PHttpChannelChild* channel)
 }
 
 PFTPChannelChild*
-NeckoChild::AllocPFTPChannel()
+NeckoChild::AllocPFTPChannel(PBrowserChild* aBrowser,
+                             const SerializedLoadContext& aSerialized)
 {
   // We don't allocate here: see FTPChannelChild::AsyncOpen()
   NS_RUNTIMEABORT("AllocPFTPChannel should not be called");
@@ -134,7 +140,8 @@ NeckoChild::DeallocPWyciwygChannel(PWyciwygChannelChild* channel)
 }
 
 PWebSocketChild*
-NeckoChild::AllocPWebSocket(PBrowserChild* browser)
+NeckoChild::AllocPWebSocket(PBrowserChild* browser,
+                            const SerializedLoadContext& aSerialized)
 {
   NS_NOTREACHED("AllocPWebSocket should not be called");
   return nullptr;
diff --git a/netwerk/ipc/NeckoChild.h b/netwerk/ipc/NeckoChild.h
index 8006c4c86937..9bf3021bc450 100644
--- a/netwerk/ipc/NeckoChild.h
+++ b/netwerk/ipc/NeckoChild.h
@@ -33,9 +33,10 @@ protected:
   virtual bool DeallocPCookieService(PCookieServiceChild*);
   virtual PWyciwygChannelChild* AllocPWyciwygChannel();
   virtual bool DeallocPWyciwygChannel(PWyciwygChannelChild*);
-  virtual PFTPChannelChild* AllocPFTPChannel();
+  virtual PFTPChannelChild* AllocPFTPChannel(PBrowserChild* aBrowser,
+                                             const SerializedLoadContext& aSerialized);
   virtual bool DeallocPFTPChannel(PFTPChannelChild*);
-  virtual PWebSocketChild* AllocPWebSocket(PBrowserChild*);
+  virtual PWebSocketChild* AllocPWebSocket(PBrowserChild*, const SerializedLoadContext&);
   virtual bool DeallocPWebSocket(PWebSocketChild*);
   virtual PTCPSocketChild* AllocPTCPSocket(const nsString& aHost,
                                            const uint16_t& aPort,
diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp
index ae43859f493c..7f3582c5a9d2 100644
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -14,30 +14,142 @@
 #include "mozilla/net/WebSocketChannelParent.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/network/TCPSocketParent.h"
-
+#include "mozilla/Preferences.h"
+#include "mozilla/LoadContext.h"
+#include "nsPrintfCString.h"
 #include "nsHTMLDNSPrefetch.h"
 
 using mozilla::dom::TabParent;
 using mozilla::net::PTCPSocketParent;
 using mozilla::dom::TCPSocketParent;
+using IPC::SerializedLoadContext;
 
 namespace mozilla {
 namespace net {
 
+static bool gDisableIPCSecurity = false;
+static const char kPrefDisableIPCSecurity[] = "network.disable.ipc.security";
+
 // C++ file contents
 NeckoParent::NeckoParent()
 {
+  Preferences::AddBoolVarCache(&gDisableIPCSecurity, kPrefDisableIPCSecurity);
 }
 
 NeckoParent::~NeckoParent()
 {
 }
 
-PHttpChannelParent*
-NeckoParent::AllocPHttpChannel(PBrowserParent* browser,
-                               const SerializedLoadContext& loadContext)
+static PBOverrideStatus
+PBOverrideStatusFromLoadContext(const SerializedLoadContext& aSerialized)
 {
-  HttpChannelParent *p = new HttpChannelParent(browser, loadContext);
+  if (!aSerialized.IsNotNull() && aSerialized.IsPrivateBitValid()) {
+    return aSerialized.mUsePrivateBrowsing ?
+      kPBOverride_Private :
+      kPBOverride_NotPrivate;
+  }
+  return kPBOverride_Unset;
+}
+
+const char*
+NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
+                                 PBrowserParent* aBrowser,
+                                 uint32_t* aAppId,
+                                 bool* aInBrowserElement)
+{
+  if (!gDisableIPCSecurity) {
+    if (!aBrowser) {
+      return "missing required PBrowser argument";
+    }
+    if (!aSerialized.IsNotNull()) {
+      return "SerializedLoadContext from child is null";
+    }
+  }
+
+  *aAppId = NECKO_UNKNOWN_APP_ID;
+  *aInBrowserElement = false;
+
+  if (aBrowser) {
+    nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
+
+    *aAppId = tabParent->OwnOrContainingAppId();
+    *aInBrowserElement = tabParent->IsBrowserElement();
+
+    if (*aAppId == NECKO_UNKNOWN_APP_ID) {
+      return "TabParent reports appId=NECKO_UNKNOWN_APP_ID!";
+    }
+    // We may get appID=NO_APP if child frame is neither a browser nor an app
+    if (*aAppId == NECKO_NO_APP_ID) {
+      if (tabParent->HasOwnApp()) {
+        return "TabParent reports NECKO_NO_APP_ID but also is an app";
+      }
+      if (tabParent->IsBrowserElement()) {
+        // <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
+        // This is not supported now, and we'll need to do a code audit to make
+        // sure we can handle it (i.e don't short-circuit using separate
+        // namespace if just appID==0)
+        return "TabParent reports appId=NECKO_NO_APP_ID but is a mozbrowser";
+      }
+    }
+  } else {
+    // Only trust appId/inBrowser from child-side loadcontext if we're in
+    // testing mode: allows xpcshell tests to masquerade as apps
+    MOZ_ASSERT(gDisableIPCSecurity);
+    if (!gDisableIPCSecurity) {
+      return "internal error";
+    }
+    if (aSerialized.IsNotNull()) {
+      *aAppId = aSerialized.mAppId;
+      *aInBrowserElement = aSerialized.mIsInBrowserElement;
+    } else {
+      *aAppId = NECKO_NO_APP_ID;
+    }
+  }
+  return nullptr;
+}
+
+const char *
+NeckoParent::CreateChannelLoadContext(PBrowserParent* aBrowser,
+                                      const SerializedLoadContext& aSerialized,
+                                      nsCOMPtr<nsILoadContext> &aResult)
+{
+  uint32_t appId = NECKO_UNKNOWN_APP_ID;
+  bool inBrowser = false;
+  nsIDOMElement* topFrameElement = nullptr;
+  const char* error = GetValidatedAppInfo(aSerialized, aBrowser, &appId, &inBrowser);
+  if (error) {
+    return error;
+  }
+
+  if (aBrowser) {
+    nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
+    topFrameElement = tabParent->GetOwnerElement();
+  }
+
+  // if gDisableIPCSecurity, we may not have a LoadContext to set. This is
+  // the common case for most xpcshell tests.
+  if (aSerialized.IsNotNull()) {
+    aResult = new LoadContext(aSerialized, topFrameElement, appId, inBrowser);
+  }
+
+  return nullptr;
+}
+
+PHttpChannelParent*
+NeckoParent::AllocPHttpChannel(PBrowserParent* aBrowser,
+                               const SerializedLoadContext& aSerialized)
+{
+  nsCOMPtr<nsILoadContext> loadContext;
+  const char *error = CreateChannelLoadContext(aBrowser, aSerialized,
+                                               loadContext);
+  if (error) {
+    NS_WARNING(nsPrintfCString("NeckoParent::AllocPHttpChannel: "
+                               "FATAL error: %s: KILLING CHILD PROCESS\n",
+                               error).get());
+    return nullptr;
+  }
+  PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(aSerialized);
+  HttpChannelParent *p = new HttpChannelParent(aBrowser, loadContext, overrideStatus);
   p->AddRef();
   return p;
 }
@@ -51,9 +163,20 @@ NeckoParent::DeallocPHttpChannel(PHttpChannelParent* channel)
 }
 
 PFTPChannelParent*
-NeckoParent::AllocPFTPChannel()
+NeckoParent::AllocPFTPChannel(PBrowserParent* aBrowser,
+                              const SerializedLoadContext& aSerialized)
 {
-  FTPChannelParent *p = new FTPChannelParent();
+  nsCOMPtr<nsILoadContext> loadContext;
+  const char *error = CreateChannelLoadContext(aBrowser, aSerialized,
+                                               loadContext);
+  if (error) {
+    NS_WARNING(nsPrintfCString("NeckoParent::AllocPFTPChannel: "
+                               "FATAL error: %s: KILLING CHILD PROCESS\n",
+                               error).get());
+    return nullptr;
+  }
+  PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(aSerialized);
+  FTPChannelParent *p = new FTPChannelParent(loadContext, overrideStatus);
   p->AddRef();
   return p;
 }
@@ -96,10 +219,23 @@ NeckoParent::DeallocPWyciwygChannel(PWyciwygChannelParent* channel)
 }
 
 PWebSocketParent*
-NeckoParent::AllocPWebSocket(PBrowserParent* browser)
+NeckoParent::AllocPWebSocket(PBrowserParent* browser,
+                             const SerializedLoadContext& serialized)
 {
+  nsCOMPtr<nsILoadContext> loadContext;
+  const char *error = CreateChannelLoadContext(browser, serialized,
+                                               loadContext);
+  if (error) {
+    NS_WARNING(nsPrintfCString("NeckoParent::AllocPWebSocket: "
+                               "FATAL error: %s: KILLING CHILD PROCESS\n",
+                               error).get());
+    return nullptr;
+  }
+
   TabParent* tabParent = static_cast<TabParent*>(browser);
-  WebSocketChannelParent* p = new WebSocketChannelParent(tabParent);
+  PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(serialized);
+  WebSocketChannelParent* p = new WebSocketChannelParent(tabParent, loadContext,
+                                                         overrideStatus);
   p->AddRef();
   return p;
 }
diff --git a/netwerk/ipc/NeckoParent.h b/netwerk/ipc/NeckoParent.h
index 1112e1046a10..a14d1cd7c4ba 100644
--- a/netwerk/ipc/NeckoParent.h
+++ b/netwerk/ipc/NeckoParent.h
@@ -14,6 +14,13 @@
 namespace mozilla {
 namespace net {
 
+// Used to override channel Private Browsing status if needed.
+enum PBOverrideStatus {
+  kPBOverride_Unset = 0,
+  kPBOverride_Private,
+  kPBOverride_NotPrivate
+};
+
 // Header file contents
 class NeckoParent :
   public PNeckoParent
@@ -22,6 +29,27 @@ public:
   NeckoParent();
   virtual ~NeckoParent();
 
+  MOZ_WARN_UNUSED_RESULT
+  static const char *
+  GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
+                      PBrowserParent* aBrowser,
+                      uint32_t* aAppId,
+                      bool* aInBrowserElement);
+
+  /*
+   * Creates LoadContext for parent-side of an e10s channel.
+   *
+   * Values from PBrowserParent are more secure, and override those set in
+   * SerializedLoadContext.
+   *
+   * Returns null if successful, or an error string if failed.
+   */
+  MOZ_WARN_UNUSED_RESULT
+  static const char*
+  CreateChannelLoadContext(PBrowserParent* aBrowser,
+                           const SerializedLoadContext& aSerialized,
+                           nsCOMPtr<nsILoadContext> &aResult);
+
 protected:
   virtual PHttpChannelParent* AllocPHttpChannel(PBrowserParent*,
                                                 const SerializedLoadContext&);
@@ -30,9 +58,11 @@ protected:
   virtual bool DeallocPCookieService(PCookieServiceParent*);
   virtual PWyciwygChannelParent* AllocPWyciwygChannel();
   virtual bool DeallocPWyciwygChannel(PWyciwygChannelParent*);
-  virtual PFTPChannelParent* AllocPFTPChannel();
+  virtual PFTPChannelParent* AllocPFTPChannel(PBrowserParent* aBrowser,
+                                              const SerializedLoadContext& aSerialized);
   virtual bool DeallocPFTPChannel(PFTPChannelParent*);
-  virtual PWebSocketParent* AllocPWebSocket(PBrowserParent* browser);
+  virtual PWebSocketParent* AllocPWebSocket(PBrowserParent* browser,
+                                            const SerializedLoadContext& aSerialized);
   virtual bool DeallocPWebSocket(PWebSocketParent*);
   virtual PTCPSocketParent* AllocPTCPSocket(const nsString& aHost,
                                             const uint16_t& aPort,
@@ -51,7 +81,6 @@ protected:
   virtual bool RecvCancelHTMLDNSPrefetch(const nsString& hostname,
                                          const uint16_t& flags,
                                          const nsresult& reason);
-
 };
 
 } // namespace net
diff --git a/netwerk/ipc/PNecko.ipdl b/netwerk/ipc/PNecko.ipdl
index 9330fb01fe3b..18211afa99c4 100644
--- a/netwerk/ipc/PNecko.ipdl
+++ b/netwerk/ipc/PNecko.ipdl
@@ -40,8 +40,8 @@ parent:
   PHttpChannel(nullable PBrowser browser,
                SerializedLoadContext loadContext);
   PWyciwygChannel();
-  PFTPChannel();
-  PWebSocket(PBrowser browser);
+  PFTPChannel(PBrowser browser, SerializedLoadContext loadContext);
+  PWebSocket(PBrowser browser, SerializedLoadContext loadContext);
   PTCPSocket(nsString host, uint16_t port, bool useSSL, nsString binaryType,
              nullable PBrowser browser);
 
diff --git a/netwerk/protocol/ftp/FTPChannelChild.cpp b/netwerk/protocol/ftp/FTPChannelChild.cpp
index bb799fbdcd96..9f10b9af82ee 100644
--- a/netwerk/protocol/ftp/FTPChannelChild.cpp
+++ b/netwerk/protocol/ftp/FTPChannelChild.cpp
@@ -7,8 +7,9 @@
 
 #include "mozilla/net/NeckoChild.h"
 #include "mozilla/net/FTPChannelChild.h"
+#include "mozilla/dom/TabChild.h"
 #include "nsFtpProtocolHandler.h"
-
+#include "nsITabChild.h"
 #include "nsStringStream.h"
 #include "nsMimeTypes.h"
 #include "nsNetUtil.h"
@@ -155,8 +156,18 @@ FTPChannelChild::AsyncOpen(::nsIStreamListener* listener, nsISupports* aContext)
   if (NS_FAILED(rv))
     return rv;
 
+  mozilla::dom::TabChild* tabChild = nullptr;
+  nsCOMPtr<nsITabChild> iTabChild;
+  NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup,
+                                NS_GET_IID(nsITabChild),
+                                getter_AddRefs(iTabChild));
+  GetCallback(iTabChild);
+  if (iTabChild) {
+    tabChild = static_cast<mozilla::dom::TabChild*>(iTabChild.get());
+  }
+
   // FIXME: like bug 558623, merge constructor+SendAsyncOpen into 1 IPC msg
-  gNeckoChild->SendPFTPChannelConstructor(this);
+  gNeckoChild->SendPFTPChannelConstructor(this, tabChild, IPC::SerializedLoadContext(this));
   mListener = listener;
   mListenerContext = aContext;
 
@@ -170,8 +181,7 @@ FTPChannelChild::AsyncOpen(::nsIStreamListener* listener, nsISupports* aContext)
   OptionalInputStreamParams uploadStream;
   SerializeInputStream(mUploadStream, uploadStream);
 
-  SendAsyncOpen(uri, mStartPos, mEntityID, uploadStream,
-                IPC::SerializedLoadContext(this));
+  SendAsyncOpen(uri, mStartPos, mEntityID, uploadStream);
 
   // The socket transport layer in the chrome process now has a logical ref to
   // us until OnStopRequest is called.
@@ -509,11 +519,22 @@ FTPChannelChild::Resume()
 NS_IMETHODIMP
 FTPChannelChild::ConnectParent(uint32_t id)
 {
+  mozilla::dom::TabChild* tabChild = nullptr;
+  nsCOMPtr<nsITabChild> iTabChild;
+  NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup,
+                                NS_GET_IID(nsITabChild),
+                                getter_AddRefs(iTabChild));
+  GetCallback(iTabChild);
+  if (iTabChild) {
+    tabChild = static_cast<mozilla::dom::TabChild*>(iTabChild.get());
+  }
+
   // The socket transport in the chrome process now holds a logical ref to us
   // until OnStopRequest, or we do a redirect, or we hit an IPDL error.
   AddIPDLReference();
 
-  if (!gNeckoChild->SendPFTPChannelConstructor(this))
+  if (!gNeckoChild->SendPFTPChannelConstructor(this, tabChild,
+                                               IPC::SerializedLoadContext(this)))
     return NS_ERROR_FAILURE;
 
   if (!SendConnectChannel(id))
diff --git a/netwerk/protocol/ftp/FTPChannelParent.cpp b/netwerk/protocol/ftp/FTPChannelParent.cpp
index 44cb7bb20a35..c69e25e03c43 100644
--- a/netwerk/protocol/ftp/FTPChannelParent.cpp
+++ b/netwerk/protocol/ftp/FTPChannelParent.cpp
@@ -23,8 +23,10 @@ using namespace mozilla::ipc;
 namespace mozilla {
 namespace net {
 
-FTPChannelParent::FTPChannelParent()
+FTPChannelParent::FTPChannelParent(nsILoadContext* aLoadContext, PBOverrideStatus aOverrideStatus)
   : mIPCClosed(false)
+  , mLoadContext(aLoadContext)
+  , mPBOverride(aOverrideStatus)
 {
   nsIProtocolHandler* handler;
   CallGetService(NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "ftp", &handler);
@@ -62,8 +64,7 @@ bool
 FTPChannelParent::RecvAsyncOpen(const URIParams& aURI,
                                 const uint64_t& aStartPos,
                                 const nsCString& aEntityID,
-                                const OptionalInputStreamParams& aUploadStream,
-                                const IPC::SerializedLoadContext& loadContext)
+                                const OptionalInputStreamParams& aUploadStream)
 {
   nsCOMPtr<nsIURI> uri = DeserializeURI(aURI);
   if (!uri)
@@ -87,7 +88,11 @@ FTPChannelParent::RecvAsyncOpen(const URIParams& aURI,
     return SendFailedAsyncOpen(rv);
 
   mChannel = static_cast<nsFtpChannel*>(chan.get());
-  
+
+  if (mPBOverride != kPBOverride_Unset) {
+    mChannel->SetPrivate(mPBOverride == kPBOverride_Private ? true : false);
+  }
+
   nsCOMPtr<nsIInputStream> upload = DeserializeInputStream(aUploadStream);
   if (upload) {
     // contentType and contentLength are ignored
@@ -100,14 +105,6 @@ FTPChannelParent::RecvAsyncOpen(const URIParams& aURI,
   if (NS_FAILED(rv))
     return SendFailedAsyncOpen(rv);
 
-  if (loadContext.IsNotNull())
-    mLoadContext = new LoadContext(loadContext);
-  else if (loadContext.IsPrivateBitValid()) {
-    nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(chan);
-    if (pbChannel)
-      pbChannel->SetPrivate(loadContext.mUsePrivateBrowsing);
-  }
-
   rv = mChannel->AsyncOpen(this, nullptr);
   if (NS_FAILED(rv))
     return SendFailedAsyncOpen(rv);
diff --git a/netwerk/protocol/ftp/FTPChannelParent.h b/netwerk/protocol/ftp/FTPChannelParent.h
index 39e5fff7df01..ab048833aee4 100644
--- a/netwerk/protocol/ftp/FTPChannelParent.h
+++ b/netwerk/protocol/ftp/FTPChannelParent.h
@@ -10,6 +10,7 @@
 
 #include "mozilla/net/PFTPChannelParent.h"
 #include "mozilla/net/NeckoCommon.h"
+#include "mozilla/net/NeckoParent.h"
 #include "nsIParentChannel.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsILoadContext.h"
@@ -30,15 +31,14 @@ public:
   NS_DECL_NSIPARENTCHANNEL
   NS_DECL_NSIINTERFACEREQUESTOR
 
-  FTPChannelParent();
+  FTPChannelParent(nsILoadContext* aLoadContext, PBOverrideStatus aOverrideStatus);
   virtual ~FTPChannelParent();
 
 protected:
   virtual bool RecvAsyncOpen(const URIParams& uri,
                              const uint64_t& startPos,
                              const nsCString& entityID,
-                             const OptionalInputStreamParams& uploadStream,
-                             const IPC::SerializedLoadContext& loadContext) MOZ_OVERRIDE;
+                             const OptionalInputStreamParams& uploadStream) MOZ_OVERRIDE;
   virtual bool RecvConnectChannel(const uint32_t& channelId) MOZ_OVERRIDE;
   virtual bool RecvCancel(const nsresult& status) MOZ_OVERRIDE;
   virtual bool RecvSuspend() MOZ_OVERRIDE;
@@ -51,6 +51,8 @@ protected:
   bool mIPCClosed;
 
   nsCOMPtr<nsILoadContext> mLoadContext;
+
+  PBOverrideStatus mPBOverride;
 };
 
 } // namespace net
diff --git a/netwerk/protocol/ftp/PFTPChannel.ipdl b/netwerk/protocol/ftp/PFTPChannel.ipdl
index 7c2929ec630c..e74a5fb24181 100644
--- a/netwerk/protocol/ftp/PFTPChannel.ipdl
+++ b/netwerk/protocol/ftp/PFTPChannel.ipdl
@@ -13,7 +13,6 @@ include protocol PBlob; //FIXME: bug #792908
 
 include "SerializedLoadContext.h";
 
-using IPC::SerializedLoadContext;
 using PRTime;
 
 namespace mozilla {
@@ -29,8 +28,7 @@ parent:
   AsyncOpen(URIParams uri,
             uint64_t startPos,
             nsCString entityID,
-            OptionalInputStreamParams uploadStream,
-            SerializedLoadContext loadContext);
+            OptionalInputStreamParams uploadStream);
 
   ConnectChannel(uint32_t channelId);
   Cancel(nsresult status);
diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp
index 74a17cb89a11..89699a45ab64 100644
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -34,7 +34,8 @@ namespace mozilla {
 namespace net {
 
 HttpChannelParent::HttpChannelParent(PBrowserParent* iframeEmbedding,
-                                     const IPC::SerializedLoadContext& loadContext)
+                                     nsILoadContext* aLoadContext,
+                                     PBOverrideStatus aOverrideStatus)
   : mIPCClosed(false)
   , mStoredStatus(NS_OK)
   , mStoredProgress(0)
@@ -42,7 +43,8 @@ HttpChannelParent::HttpChannelParent(PBrowserParent* iframeEmbedding,
   , mSentRedirect1Begin(false)
   , mSentRedirect1BeginFailed(false)
   , mReceivedRedirect2Verify(false)
-  , mPBOverride(kPBOverride_Unset)
+  , mPBOverride(aOverrideStatus)
+  , mLoadContext(aLoadContext)
 {
   // Ensure gHttpHandler is initialized: we need the atom table up and running.
   nsIHttpProtocolHandler* handler;
@@ -50,18 +52,6 @@ HttpChannelParent::HttpChannelParent(PBrowserParent* iframeEmbedding,
   NS_ASSERTION(handler, "no http handler");
 
   mTabParent = static_cast<mozilla::dom::TabParent*>(iframeEmbedding);
-
-  if (loadContext.IsNotNull()) {
-    if (mTabParent) {
-      mLoadContext = new LoadContext(loadContext, mTabParent->GetOwnerElement());
-    } else {
-      mLoadContext = new LoadContext(loadContext);
-    }
-  } else if (loadContext.IsPrivateBitValid()) {
-    // Don't have channel yet: override PB status after we create it.
-    mPBOverride = loadContext.mUsePrivateBrowsing ? kPBOverride_Private
-                                                  : kPBOverride_NotPrivate;
-  }
 }
 
 HttpChannelParent::~HttpChannelParent()
diff --git a/netwerk/protocol/http/HttpChannelParent.h b/netwerk/protocol/http/HttpChannelParent.h
index fc7a9b7af2cc..6796ef58e085 100644
--- a/netwerk/protocol/http/HttpChannelParent.h
+++ b/netwerk/protocol/http/HttpChannelParent.h
@@ -12,6 +12,7 @@
 #include "mozilla/dom/PBrowserParent.h"
 #include "mozilla/net/PHttpChannelParent.h"
 #include "mozilla/net/NeckoCommon.h"
+#include "mozilla/net/NeckoParent.h"
 #include "nsIParentRedirectingChannel.h"
 #include "nsIProgressEventSink.h"
 #include "nsHttpChannel.h"
@@ -44,7 +45,8 @@ public:
   NS_DECL_NSIINTERFACEREQUESTOR
 
   HttpChannelParent(mozilla::dom::PBrowserParent* iframeEmbedding,
-                    const IPC::SerializedLoadContext& loadContext);
+                    nsILoadContext* aLoadContext,
+                    PBOverrideStatus aStatus);
   virtual ~HttpChannelParent();
 
 protected:
@@ -108,12 +110,6 @@ private:
   bool mSentRedirect1BeginFailed    : 1;
   bool mReceivedRedirect2Verify     : 1;
 
-  // Used to override channel Private Browsing status if needed.
-  enum PBOverrideStatus {
-    kPBOverride_Unset = 0,
-    kPBOverride_Private,
-    kPBOverride_NotPrivate
-  };
   PBOverrideStatus mPBOverride;
 
   nsCOMPtr<nsILoadContext> mLoadContext;
diff --git a/netwerk/protocol/websocket/PWebSocket.ipdl b/netwerk/protocol/websocket/PWebSocket.ipdl
index 1f9301f4a2a7..9c111eab4592 100644
--- a/netwerk/protocol/websocket/PWebSocket.ipdl
+++ b/netwerk/protocol/websocket/PWebSocket.ipdl
@@ -27,8 +27,7 @@ parent:
   AsyncOpen(URIParams aURI,
             nsCString aOrigin,
             nsCString aProtocol,
-            bool aSecure,
-            SerializedLoadContext loadContext);
+            bool aSecure);
   Close(uint16_t code, nsCString reason);
   SendMsg(nsCString aMsg);
   SendBinaryMsg(nsCString aMsg);
diff --git a/netwerk/protocol/websocket/WebSocketChannelChild.cpp b/netwerk/protocol/websocket/WebSocketChannelChild.cpp
index 6e4baa678d26..b4c395964476 100644
--- a/netwerk/protocol/websocket/WebSocketChannelChild.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannelChild.cpp
@@ -338,9 +338,9 @@ WebSocketChannelChild::AsyncOpen(nsIURI *aURI,
   // Corresponding release in DeallocPWebSocket
   AddIPDLReference();
 
-  gNeckoChild->SendPWebSocketConstructor(this, tabChild);
-  if (!SendAsyncOpen(uri, nsCString(aOrigin), mProtocol, mEncrypted,
-                     IPC::SerializedLoadContext(this)))
+  gNeckoChild->SendPWebSocketConstructor(this, tabChild,
+                                         IPC::SerializedLoadContext(this));
+  if (!SendAsyncOpen(uri, nsCString(aOrigin), mProtocol, mEncrypted))
     return NS_ERROR_UNEXPECTED;
 
   mOriginalURI = aURI;
diff --git a/netwerk/protocol/websocket/WebSocketChannelParent.cpp b/netwerk/protocol/websocket/WebSocketChannelParent.cpp
index 8a659c7e5c3d..2edabddce278 100644
--- a/netwerk/protocol/websocket/WebSocketChannelParent.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannelParent.cpp
@@ -7,7 +7,6 @@
 #include "WebSocketLog.h"
 #include "WebSocketChannelParent.h"
 #include "nsIAuthPromptProvider.h"
-#include "mozilla/LoadContext.h"
 #include "mozilla/ipc/InputStreamUtils.h"
 #include "mozilla/ipc/URIUtils.h"
 
@@ -20,10 +19,15 @@ NS_IMPL_THREADSAFE_ISUPPORTS2(WebSocketChannelParent,
                               nsIWebSocketListener,
                               nsIInterfaceRequestor)
 
-WebSocketChannelParent::WebSocketChannelParent(nsIAuthPromptProvider* aAuthProvider)
+WebSocketChannelParent::WebSocketChannelParent(nsIAuthPromptProvider* aAuthProvider,
+                                               nsILoadContext* aLoadContext,
+                                               PBOverrideStatus aOverrideStatus)
   : mAuthProvider(aAuthProvider)
+  , mLoadContext(aLoadContext)
   , mIPCOpen(true)
 {
+  // Websocket channels can't have a private browsing override
+  MOZ_ASSERT_IF(!aLoadContext, aOverrideStatus == kPBOverride_Unset);
 #if defined(PR_LOGGING)
   if (!webSocketLog)
     webSocketLog = PR_NewLogModule("nsWebSocket");
@@ -47,8 +51,7 @@ bool
 WebSocketChannelParent::RecvAsyncOpen(const URIParams& aURI,
                                       const nsCString& aOrigin,
                                       const nsCString& aProtocol,
-                                      const bool& aSecure,
-                                      const IPC::SerializedLoadContext& loadContext)
+                                      const bool& aSecure)
 {
   LOG(("WebSocketChannelParent::RecvAsyncOpen() %p\n", this));
 
@@ -65,14 +68,6 @@ WebSocketChannelParent::RecvAsyncOpen(const URIParams& aURI,
   if (NS_FAILED(rv))
     goto fail;
 
-  if (loadContext.IsNotNull())
-    mLoadContext = new LoadContext(loadContext);
-#ifdef DEBUG
-  else
-    // websocket channels cannot have a private bit override
-    MOZ_ASSERT(!loadContext.IsPrivateBitValid());
-#endif
-
   rv = mChannel->SetNotificationCallbacks(this);
   if (NS_FAILED(rv))
     goto fail;
diff --git a/netwerk/protocol/websocket/WebSocketChannelParent.h b/netwerk/protocol/websocket/WebSocketChannelParent.h
index fa70ad72a355..760b2975dd76 100644
--- a/netwerk/protocol/websocket/WebSocketChannelParent.h
+++ b/netwerk/protocol/websocket/WebSocketChannelParent.h
@@ -8,6 +8,7 @@
 #define mozilla_net_WebSocketChannelParent_h
 
 #include "mozilla/net/PWebSocketParent.h"
+#include "mozilla/net/NeckoParent.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIWebSocketListener.h"
 #include "nsIWebSocketChannel.h"
@@ -29,14 +30,15 @@ class WebSocketChannelParent : public PWebSocketParent,
   NS_DECL_NSIWEBSOCKETLISTENER
   NS_DECL_NSIINTERFACEREQUESTOR
 
-  WebSocketChannelParent(nsIAuthPromptProvider* aAuthProvider);
+  WebSocketChannelParent(nsIAuthPromptProvider* aAuthProvider,
+                         nsILoadContext* aLoadContext,
+                         PBOverrideStatus aOverrideStatus);
 
  private:
   bool RecvAsyncOpen(const URIParams& aURI,
                      const nsCString& aOrigin,
                      const nsCString& aProtocol,
-                     const bool& aSecure,
-                     const IPC::SerializedLoadContext& loadContext);
+                     const bool& aSecure);
   bool RecvClose(const uint16_t & code, const nsCString & reason);
   bool RecvSendMsg(const nsCString& aMsg);
   bool RecvSendBinaryMsg(const nsCString& aMsg);
diff --git a/netwerk/protocol/wyciwyg/PWyciwygChannel.ipdl b/netwerk/protocol/wyciwyg/PWyciwygChannel.ipdl
index 9e0bb345debf..23211f657d0f 100644
--- a/netwerk/protocol/wyciwyg/PWyciwygChannel.ipdl
+++ b/netwerk/protocol/wyciwyg/PWyciwygChannel.ipdl
@@ -3,6 +3,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 include protocol PNecko;
+include protocol PBrowser;
 include URIParams;
 
 include "SerializedLoadContext.h";
@@ -23,7 +24,8 @@ parent:
   Init(URIParams uri);
   AsyncOpen(URIParams             originalURI,
             uint32_t              loadFlags,
-            SerializedLoadContext loadContext);
+            SerializedLoadContext loadContext,
+            PBrowser browser);
 
   // methods corresponding to those of nsIWyciwygChannel
   WriteToCacheEntry(nsString data);
diff --git a/netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp b/netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp
index 63e102ce3f42..2b247bf92abd 100644
--- a/netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp
+++ b/netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp
@@ -6,6 +6,7 @@
 
 #include "mozilla/net/NeckoChild.h"
 #include "WyciwygChannelChild.h"
+#include "mozilla/dom/TabChild.h"
 
 #include "nsCharsetSource.h"
 #include "nsStringStream.h"
@@ -592,7 +593,16 @@ WyciwygChannelChild::AsyncOpen(nsIStreamListener *aListener, nsISupports *aConte
   URIParams originalURI;
   SerializeURI(mOriginalURI, originalURI);
 
-  SendAsyncOpen(originalURI, mLoadFlags, IPC::SerializedLoadContext(this));
+  mozilla::dom::TabChild* tabChild = nullptr;
+  nsCOMPtr<nsITabChild> iTabChild;
+  NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup,
+                                NS_GET_IID(nsITabChild),
+                                getter_AddRefs(iTabChild));
+  if (iTabChild) {
+    tabChild = static_cast<mozilla::dom::TabChild*>(iTabChild.get());
+  }
+
+  SendAsyncOpen(originalURI, mLoadFlags, IPC::SerializedLoadContext(this), tabChild);
 
   mState = WCC_OPENED;
 
diff --git a/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp b/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
index 9900c26f78f5..d6711cdde46c 100644
--- a/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
+++ b/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
@@ -11,8 +11,8 @@
 #include "nsCharsetSource.h"
 #include "nsISerializable.h"
 #include "nsSerializationHelper.h"
-#include "mozilla/LoadContext.h"
 #include "mozilla/ipc/URIUtils.h"
+#include "mozilla/net/NeckoParent.h"
 
 using namespace mozilla::ipc;
 
@@ -86,7 +86,8 @@ WyciwygChannelParent::RecvInit(const URIParams& aURI)
 bool
 WyciwygChannelParent::RecvAsyncOpen(const URIParams& aOriginal,
                                     const uint32_t& aLoadFlags,
-                                    const IPC::SerializedLoadContext& loadContext)
+                                    const IPC::SerializedLoadContext& loadContext,
+                                    PBrowserParent* aParent)
 {
   nsCOMPtr<nsIURI> original = DeserializeURI(aOriginal);
   if (!original)
@@ -107,9 +108,15 @@ WyciwygChannelParent::RecvAsyncOpen(const URIParams& aOriginal,
   if (NS_FAILED(rv))
     return SendCancelEarly(rv);
 
-  if (loadContext.IsNotNull())
-    mLoadContext = new LoadContext(loadContext);
-  else if (loadContext.IsPrivateBitValid()) {
+  const char* error = NeckoParent::CreateChannelLoadContext(aParent, loadContext,
+                                                            mLoadContext);
+  if (error) {
+    NS_WARNING(nsPrintfCString("WyciwygChannelParent::RecvAsyncOpen: error: %s\n",
+                               error).get());
+    return false;
+  }
+
+  if (!mLoadContext && loadContext.IsPrivateBitValid()) {
     nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(mChannel);
     if (pbChannel)
       pbChannel->SetPrivate(loadContext.mUsePrivateBrowsing);
diff --git a/netwerk/protocol/wyciwyg/WyciwygChannelParent.h b/netwerk/protocol/wyciwyg/WyciwygChannelParent.h
index 819c31031f87..628b8df30a3a 100644
--- a/netwerk/protocol/wyciwyg/WyciwygChannelParent.h
+++ b/netwerk/protocol/wyciwyg/WyciwygChannelParent.h
@@ -14,6 +14,10 @@
 #include "nsILoadContext.h"
 
 namespace mozilla {
+namespace dom {
+  class PBrowserParent;
+}
+
 namespace net {
 
 class WyciwygChannelParent : public PWyciwygChannelParent
@@ -33,7 +37,8 @@ protected:
   virtual bool RecvInit(const URIParams& uri);
   virtual bool RecvAsyncOpen(const URIParams& original,
                              const uint32_t& loadFlags,
-                             const IPC::SerializedLoadContext& loadContext);
+                             const IPC::SerializedLoadContext& loadContext,
+                             PBrowserParent* parent);
   virtual bool RecvWriteToCacheEntry(const nsString& data);
   virtual bool RecvCloseCacheEntry(const nsresult& reason);
   virtual bool RecvSetCharsetAndSource(const int32_t& source,
diff --git a/testing/xpcshell/head.js b/testing/xpcshell/head.js
index 6b5f800777d4..dc1edacd9669 100644
--- a/testing/xpcshell/head.js
+++ b/testing/xpcshell/head.js
@@ -35,16 +35,27 @@ let (ios = Components.classes["@mozilla.org/network/io-service;1"]
   ios.offline = false;
 }
 
-// Disable IPv6 lookups for 'localhost' on windows.
+// Determine if we're running on parent or child
+let runningInParent = true;
 try {
-  if ("@mozilla.org/windows-registry-key;1" in Components.classes) {
-    let processType = Components.classes["@mozilla.org/xre/runtime;1"].
-      getService(Components.interfaces.nsIXULRuntime).processType;
-    if (processType == Components.interfaces.nsIXULRuntime.PROCESS_TYPE_DEFAULT) {
-      let (prefs = Components.classes["@mozilla.org/preferences-service;1"]
-                   .getService(Components.interfaces.nsIPrefBranch)) {
-        prefs.setCharPref("network.dns.ipv4OnlyDomains", "localhost");
-      }
+  runningInParent = Components.classes["@mozilla.org/xre/runtime;1"].
+                    getService(Components.interfaces.nsIXULRuntime).processType
+                    == Components.interfaces.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+} 
+catch (e) { }
+
+try {
+  if (runningInParent) {
+    let prefs = Components.classes["@mozilla.org/preferences-service;1"]
+                .getService(Components.interfaces.nsIPrefBranch);
+
+    // disable necko IPC security checks for xpcshell, as they lack the
+    // docshells needed to pass them
+    prefs.setBoolPref("network.disable.ipc.security", true);
+
+    // Disable IPv6 lookups for 'localhost' on windows.
+    if ("@mozilla.org/windows-registry-key;1" in Components.classes) {
+      prefs.setCharPref("network.dns.ipv4OnlyDomains", "localhost");
     }
   }
 }
@@ -56,9 +67,7 @@ catch (e) { }
 // Note that if we're in a child process, we don't want to init the
 // crashreporter component.
 try { // nsIXULRuntime is not available in some configurations.
-  let processType = Components.classes["@mozilla.org/xre/runtime;1"].
-    getService(Components.interfaces.nsIXULRuntime).processType;
-  if (processType == Components.interfaces.nsIXULRuntime.PROCESS_TYPE_DEFAULT &&
+  if (runningInParent &&
       "@mozilla.org/toolkit/crash-reporter;1" in Components.classes) {
     // Remember to update </toolkit/crashreporter/test/unit/test_crashreporter.js>
     // too if you change this initial setting.
@@ -788,11 +797,7 @@ function do_get_profile() {
 function do_load_child_test_harness()
 {
   // Make sure this isn't called from child process
-  var runtime = Components.classes["@mozilla.org/xre/app-info;1"]
-                  .getService(Components.interfaces.nsIXULRuntime);
-  if (runtime.processType != 
-            Components.interfaces.nsIXULRuntime.PROCESS_TYPE_DEFAULT) 
-  {
+  if (!runningInParent) {
     do_throw("run_test_in_child cannot be called from child!");
   }
 
diff --git a/uriloader/prefetch/OfflineCacheUpdateChild.cpp b/uriloader/prefetch/OfflineCacheUpdateChild.cpp
index a08d38bf4843..8cfbac16cebf 100644
--- a/uriloader/prefetch/OfflineCacheUpdateChild.cpp
+++ b/uriloader/prefetch/OfflineCacheUpdateChild.cpp
@@ -435,7 +435,6 @@ OfflineCacheUpdateChild::Schedule()
     // a reference to us. Will be released in RecvFinish() that identifies 
     // the work has been done.
     child->SendPOfflineCacheUpdateConstructor(this, manifestURI, documentURI,
-                                              mInBrowser, mAppID,
                                               stickDocument);
 
     mIPCActivated = true;
diff --git a/uriloader/prefetch/OfflineCacheUpdateParent.cpp b/uriloader/prefetch/OfflineCacheUpdateParent.cpp
index 8bd86a790d3a..a94362ebae05 100644
--- a/uriloader/prefetch/OfflineCacheUpdateParent.cpp
+++ b/uriloader/prefetch/OfflineCacheUpdateParent.cpp
@@ -5,12 +5,14 @@
 
 #include "OfflineCacheUpdateParent.h"
 
+#include "mozilla/dom/TabParent.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "nsOfflineCacheUpdate.h"
 #include "nsIApplicationCache.h"
 #include "nsNetUtil.h"
 
 using namespace mozilla::ipc;
+using mozilla::dom::TabParent;
 
 #if defined(PR_LOGGING)
 //
@@ -43,8 +45,11 @@ NS_IMPL_ISUPPORTS2(OfflineCacheUpdateParent,
 // OfflineCacheUpdateParent <public>
 //-----------------------------------------------------------------------------
 
-OfflineCacheUpdateParent::OfflineCacheUpdateParent()
+OfflineCacheUpdateParent::OfflineCacheUpdateParent(uint32_t aAppId,
+                                                   bool aIsInBrowser)
     : mIPCClosed(false)
+    , mIsInBrowserElement(aIsInBrowser)
+    , mAppId(aAppId)
 {
     // Make sure the service has been initialized
     nsOfflineCacheUpdateService* service =
@@ -69,8 +74,6 @@ OfflineCacheUpdateParent::ActorDestroy(ActorDestroyReason why)
 nsresult
 OfflineCacheUpdateParent::Schedule(const URIParams& aManifestURI,
                                    const URIParams& aDocumentURI,
-                                   const bool& isInBrowserElement,
-                                   const uint32_t& appId,
                                    const bool& stickDocument)
 {
     LOG(("OfflineCacheUpdateParent::RecvSchedule [%p]", this));
@@ -100,7 +103,7 @@ OfflineCacheUpdateParent::Schedule(const URIParams& aManifestURI,
     if (!NS_SecurityCompareURIs(manifestURI, documentURI, false))
         return NS_ERROR_DOM_SECURITY_ERR;
 
-    service->FindUpdate(manifestURI, appId, isInBrowserElement,
+    service->FindUpdate(manifestURI, mAppId, mIsInBrowserElement,
                         getter_AddRefs(update));
     if (!update) {
         update = new nsOfflineCacheUpdate();
@@ -108,7 +111,7 @@ OfflineCacheUpdateParent::Schedule(const URIParams& aManifestURI,
         // Leave aDocument argument null. Only glues and children keep 
         // document instances.
         rv = update->Init(manifestURI, documentURI, nullptr, nullptr,
-                          appId, isInBrowserElement);
+                          mAppId, mIsInBrowserElement);
         NS_ENSURE_SUCCESS(rv, rv);
 
         rv = update->Schedule();
diff --git a/uriloader/prefetch/OfflineCacheUpdateParent.h b/uriloader/prefetch/OfflineCacheUpdateParent.h
index 9b58e314fc84..c2fa97450f4d 100644
--- a/uriloader/prefetch/OfflineCacheUpdateParent.h
+++ b/uriloader/prefetch/OfflineCacheUpdateParent.h
@@ -14,6 +14,10 @@
 
 namespace mozilla {
 
+namespace dom {
+class TabParent;
+}
+
 namespace ipc {
 class URIParams;
 } // namespace ipc
@@ -34,11 +38,9 @@ public:
     nsresult
     Schedule(const URIParams& manifestURI,
              const URIParams& documentURI,
-             const bool& isInBrowserElement,
-             const uint32_t& appId,
              const bool& stickDocument);
 
-    OfflineCacheUpdateParent();
+    OfflineCacheUpdateParent(uint32_t aAppId, bool aIsInBrowser);
     ~OfflineCacheUpdateParent();
 
     virtual void ActorDestroy(ActorDestroyReason why);