HTTP - Origin Server (Header Field)

The Origin header is:

• a header field
• added to a request
• by the browser (ie client)
• with the origin value
• that indicate the source of the code (HTML, Javascript, …)
• that created the request.
• to the server

A devtool network snaphost of a request showing that this is a request created by a code that originates from fiddle.jshell.net to datacadamia.com

When the browser add the origin header.

• in case of a cross-origin request, the header is always added
• in case of same-origin request, the Origin header is included for all requests whose method is neither GET nor HEAD.

An origin is calculated by the browser with the scheme, host, and port of a URL of the request that created the resource (page, script)

If you want to set the origin what you want to do is mainly to set the host header on the web server.

• https://tools.ietf.org/html/rfc6454#section-7
• RFC 6454 - A. Barth. The Web Origin Concept. December 2011. Proposed Standard
• https://www.cloudflare.com/learning/cdn/glossary/origin-server/
• https://fetch.spec.whatwg.org/#origin-header