The Origin
request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST
requests. It is similar to the Referer
header, but, unlike this header, it doesn't disclose the whole path.
Header type | Request header |
---|---|
Forbidden header name | yes |
Origin: "" Origin: <scheme> "://" <hostname> [ ":" <port> ]
Origin
can be the empty string: this is useful, for example, if the source is a data
URL.
Origin: https://developer.mozilla.org
Specification | Comment |
---|---|
RFC 6454, section 7: Origin | The Web Origin Concept |
Fetch The definition of 'Origin header' in that specification. | Supplants the Origin header as defined in RFC6454. |
Desktop | ||||||
---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | |
Basic support | Yes | Yes
|
59
|
Yes | Yes | Yes |
Mobile | |||||||
---|---|---|---|---|---|---|---|
Android webview | Chrome for Android | Edge Mobile | Firefox for Android | Opera for Android | iOS Safari | Samsung Internet | |
Basic support | Yes | Yes | Yes | 59
|
Yes | Yes | Yes |
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin