diff --git a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
index 98fa7b7a5a2..13df0908131 100644
--- a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
+++ b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -49,11 +49,9 @@ class PostMessageEvent extends DataFlow::SourceNode {
    * Holds if an access on `MessageEvent.origin` is in an `EqualityTest` and there is no call of an insufficient verification method on `MessageEvent.origin`
    */
   predicate hasOriginChecked() {
-    exists(string prop | prop = "origin" or prop = "source" |
-      astNode.getAnOperand().(PropAccess).accesses(event, prop) and
-      event.mayReferToParameter*(this.asExpr()) and
-      not this.hasOriginInsufficientlyChecked()
-    )
+    exists(EqualityTest test |
+      this.getAPropertyRead(["origin", "source"]).flowsToExpr(test.getAnOperand())
+   )
   }
 
   /**