HTTP - Origin Server (Header Field)

1 - About

The Origin header is:

This is not the ip or hostname of the client that created the request to the server
The Origin header value is the same than the Referer header but without the path.

3 - Example

A devtool network snaphost of a request showing that this is a request created by a code that originates from fiddle.jshell.net to datacadamia.com

4 - When the origin is set by the browser

When the browser add the origin header.

  • in case of a cross-origin request, the header is always added
  • in case of same-origin request, the Origin header is included for all requests whose method is neither GET nor HEAD.
Browser Request Type Origin Added ?
All browser Cross-origin Yes
Chrome Same-origin Yes: POST/PUT/DELETE
No: GET/HEAD
Safari Same-origin Yes: POST/PUT/DELETE
No: GET/HEAD

5 - How to set the origin

An origin is calculated by the browser with the scheme, host, and port of a URL of the request that created the resource (page, script)

If you want to set the origin what you want to do is mainly to set the host header on the web server.

6 - Documentation


Data Science
Data Analysis
Statistics
Data Science
Linear Algebra Mathematics
Trigonometry

Powered by ComboStrap