HTTP - Origin Server (Header Field)

About

The Origin header is:

This is not the ip or hostname of the client that created the request to the server

The Origin header value is the same than the Referer header but without the path.

Example

A devtool network snaphost of a request showing that this is a request created by a code that originates from fiddle.jshell.net to datacadamia.com

Origin Http Header

When the origin is set by the browser

When the browser add the origin header.

  • in case of a cross-origin request, the header is always added
  • in case of same-origin request, the Origin header is included for all requests whose method is neither GET nor HEAD.
Browser Request Type Origin Added ?
All browser Cross-origin Yes
Chrome Same-origin Yes: POST/PUT/DELETE
No: GET/HEAD
Safari Same-origin Yes: POST/PUT/DELETE
No: GET/HEAD

How to set the origin

An origin is calculated by the browser with the scheme, host, and port of a URL of the request that created the resource (page, script)

If you want to set the origin what you want to do is mainly to set the host header on the web server.

How to get the origin of the page with Javascript?

console.log(`The origin of this page is ${window.origin}`)

Documentation





Discover More
(HTTP|HTTPS) - Hypertext Transfer Protocol

Hypertext Transfer Protocol (HTTP) is the transfer protocol to exchange or transfer web resource between nodes (host). The H in HTTP means an hypertext (ie HTML). The protocol was first designed...
Cors Flowchart
Browser - Cross Origin Resource Sharing (CORS)

Cross-origin resource sharing (CORS) is a mechanism that: * allows a HTTP server * to control the cross-origin requests executed by a browser. In short, a HTTP server may allow or not to receive...
Browser
Browser - Fetching Resources (Request/Response)

This article is fetching (http request/response) in the browser. User agents can implement a variety of transfer protocols to fetch resources such as: HTTP : , ... Form FTP ... rendering...
Browser Local Storage Devtool
Browser - Web API - Local Storage

localStorage is a browser/client side data storage mechanism. It's one of the two web storage (key/pair) api and is part of the web api The localStorage property allows you to access a local StorageStorage...
Windows Internet Properties Proxy
HTTP - Forward Proxy

A forward proxy is a proxy application that is configured to intercept and forward every internal Http request to an destination website, hence the name Forward Proxy. It's also known as man-in-the-middle...
HTTP - Gateway (Reverse Proxy)

A reverse proxy (or gateway) is a proxy that is configured to appear to the client just like an ordinary web server. Traffic from the internet at large enters system through reverse proxy, which then...
HTTP - Proxy

An HTTP proxy is a proxy that re-routes the HTTP message (request and response). It sits between the client and the origin server. There is two kinds of proxy but they are just the same application,...
HTTP - Same Origin Request

A request is a same-origin request if: the request’s origin and the origin of request’s current url page are the same. requestsame-origincross origin Two HTTP requests havenot the same origin...
Devtool Tracking Cookie Identifier Counter
How does a tracking cookie work? A step by step example

This page shows you a basic example of a tracking ... cookie so that you can understand and implement the underlying mechanisms. These cookies are third-party cookie. A tracking cookie is also known...
Map Of Internet 1973
Network - Border Gateway Protocol (BGP) - (Internet route)

Border Gateway Protocol (BGP) is the postal service of the Internet. It chooses the best route to deliver network data by looking at all of the available paths. When a user in Singapore loads a website...



Share this page:
Follow us:
Task Runner