diff --git a/dom/base/nsXMLHttpRequest.cpp b/dom/base/nsXMLHttpRequest.cpp
index b0bec82e4499..7b2ea37bd326 100644
--- a/dom/base/nsXMLHttpRequest.cpp
+++ b/dom/base/nsXMLHttpRequest.cpp
@@ -995,7 +995,7 @@ nsXMLHttpRequest::GetResponse(JSContext* aCx,
 }
 
 bool
-nsXMLHttpRequest::IsCrossSiteCORSRequest()
+nsXMLHttpRequest::IsCrossSiteCORSRequest() const
 {
   if (!mChannel) {
     return false;
@@ -1197,10 +1197,10 @@ nsXMLHttpRequest::SlowAbort()
 /*Method that checks if it is safe to expose a header value to the client.
 It is used to check what headers are exposed for CORS requests.*/
 bool
-nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpChannel)
+nsXMLHttpRequest::IsSafeHeader(const nsACString& aHeader, NotNull<nsIHttpChannel*> aHttpChannel) const
 {
   // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
-  if (!IsSystemXHR() && nsContentUtils::IsForbiddenResponseHeader(header)) {
+  if (!IsSystemXHR() && nsContentUtils::IsForbiddenResponseHeader(aHeader)) {
     NS_WARNING("blocked access to response header");
     return false;
   }
@@ -1223,14 +1223,14 @@ nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpCha
     "last-modified", "pragma"
   };
   for (uint32_t i = 0; i < ArrayLength(kCrossOriginSafeHeaders); ++i) {
-    if (header.LowerCaseEqualsASCII(kCrossOriginSafeHeaders[i])) {
+    if (aHeader.LowerCaseEqualsASCII(kCrossOriginSafeHeaders[i])) {
       return true;
     }
   }
   nsAutoCString headerVal;
   // The "Access-Control-Expose-Headers" header contains a comma separated
   // list of method names.
-  httpChannel->
+  aHttpChannel->
       GetResponseHeader(NS_LITERAL_CSTRING("Access-Control-Expose-Headers"),
                         headerVal);
   nsCCharSeparatedTokenizer exposeTokens(headerVal, ',');
@@ -1243,7 +1243,7 @@ nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpCha
     if (!NS_IsValidHTTPToken(token)) {
       return false;
     }
-    if (header.Equals(token, nsCaseInsensitiveCStringComparator())) {
+    if (aHeader.Equals(token, nsCaseInsensitiveCStringComparator())) {
       isSafe = true;
     }
   }
@@ -1264,7 +1264,8 @@ nsXMLHttpRequest::GetAllResponseHeaders(nsCString& aResponseHeaders)
   }
 
   if (nsCOMPtr<nsIHttpChannel> httpChannel = GetCurrentHttpChannel()) {
-    RefPtr<nsHeaderVisitor> visitor = new nsHeaderVisitor(this, httpChannel);
+    RefPtr<nsHeaderVisitor> visitor =
+      new nsHeaderVisitor(*this, WrapNotNull(httpChannel));
     if (NS_SUCCEEDED(httpChannel->VisitResponseHeaders(visitor))) {
       aResponseHeaders = visitor->Headers();
     }
@@ -1358,7 +1359,7 @@ nsXMLHttpRequest::GetResponseHeader(const nsACString& header,
   }
 
   // Check for dangerous headers
-  if (!IsSafeHeader(header, httpChannel)) {
+  if (!IsSafeHeader(header, WrapNotNull(httpChannel))) {
     return;
   }
 
@@ -1458,7 +1459,7 @@ nsXMLHttpRequest::GetCurrentJARChannel()
 }
 
 bool
-nsXMLHttpRequest::IsSystemXHR()
+nsXMLHttpRequest::IsSystemXHR() const
 {
   return mIsSystem || nsContentUtils::IsSystemPrincipal(mPrincipal);
 }
@@ -3648,7 +3649,7 @@ NS_IMPL_ISUPPORTS(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
 NS_IMETHODIMP nsXMLHttpRequest::
 nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value)
 {
-  if (mXHR->IsSafeHeader(header, mHttpChannel)) {
+  if (mXHR.IsSafeHeader(header, mHttpChannel)) {
     mHeaders.Append(header);
     mHeaders.AppendLiteral(": ");
     mHeaders.Append(value);
diff --git a/dom/base/nsXMLHttpRequest.h b/dom/base/nsXMLHttpRequest.h
index c3c50b29fc1f..50905b743072 100644
--- a/dom/base/nsXMLHttpRequest.h
+++ b/dom/base/nsXMLHttpRequest.h
@@ -7,7 +7,6 @@
 #ifndef nsXMLHttpRequest_h__
 #define nsXMLHttpRequest_h__
 
-#include "mozilla/Attributes.h"
 #include "nsIXMLHttpRequest.h"
 #include "nsISupportsUtils.h"
 #include "nsString.h"
@@ -30,8 +29,10 @@
 #include "nsIXPConnect.h"
 #include "nsIInputStream.h"
 #include "mozilla/Assertions.h"
+#include "mozilla/Attributes.h"
 #include "mozilla/DOMEventTargetHelper.h"
 #include "mozilla/MemoryReporting.h"
+#include "mozilla/NotNull.h"
 #include "mozilla/dom/TypedArray.h"
 #include "mozilla/dom/XMLHttpRequestBinding.h"
 
@@ -423,7 +424,7 @@ private:
     return Send(Nullable<RequestBody>(aBody));
   }
 
-  bool IsCrossSiteCORSRequest();
+  bool IsCrossSiteCORSRequest() const;
   bool IsDeniedCrossSiteCORSRequest();
 
   // Tell our channel what network interface ID we were told to use.
@@ -515,7 +516,8 @@ public:
     }
   }
   void GetAllResponseHeaders(nsCString& aResponseHeaders);
-  bool IsSafeHeader(const nsACString& aHeaderName, nsIHttpChannel* aHttpChannel);
+  bool IsSafeHeader(const nsACString& aHeaderName,
+                    mozilla::NotNull<nsIHttpChannel*> aHttpChannel) const;
   void OverrideMimeType(const nsAString& aMimeType)
   {
     // XXX Should we do some validation here?
@@ -615,7 +617,7 @@ protected:
   already_AddRefed<nsIHttpChannel> GetCurrentHttpChannel();
   already_AddRefed<nsIJARChannel> GetCurrentJARChannel();
 
-  bool IsSystemXHR();
+  bool IsSystemXHR() const;
 
   void ChangeStateToDone();
 
@@ -643,15 +645,16 @@ protected:
   public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIHTTPHEADERVISITOR
-    nsHeaderVisitor(nsXMLHttpRequest* aXMLHttpRequest, nsIHttpChannel* aHttpChannel)
+    nsHeaderVisitor(const nsXMLHttpRequest& aXMLHttpRequest,
+                    mozilla::NotNull<nsIHttpChannel*> aHttpChannel)
       : mXHR(aXMLHttpRequest), mHttpChannel(aHttpChannel) {}
     const nsACString &Headers() { return mHeaders; }
   private:
     virtual ~nsHeaderVisitor() {}
 
     nsCString mHeaders;
-    nsXMLHttpRequest* mXHR;
-    nsCOMPtr<nsIHttpChannel> mHttpChannel;
+    const nsXMLHttpRequest& mXHR;
+    mozilla::NotNull<nsCOMPtr<nsIHttpChannel>> mHttpChannel;
   };
 
   // The bytes of our response body. Only used for DEFAULT, ARRAYBUFFER and