HTTP - Origin Server (Header Field)

About

The Origin header is:

This is not the ip or hostname of the client that created the request to the server

The Origin header value is the same than the Referer header but without the path.

Example

A devtool network snaphost of a request showing that this is a request created by a code that originates from fiddle.jshell.net to datacadamia.com

Origin Http Header

When the origin is set by the browser

When the browser add the origin header.

  • in case of a cross-origin request, the header is always added
  • in case of same-origin request, the Origin header is included for all requests whose method is neither GET nor HEAD.
Browser Request Type Origin Added ?
All browser Cross-origin Yes
Chrome Same-origin Yes: POST/PUT/DELETE
No: GET/HEAD
Safari Same-origin Yes: POST/PUT/DELETE
No: GET/HEAD

How to set the origin

An origin is calculated by the browser with the scheme, host, and port of a URL of the request that created the resource (page, script)

If you want to set the origin what you want to do is mainly to set the host header on the web server.

How to get the origin of the page with Javascript?

console.log(`The origin of this page is ${window.origin}`)

Documentation





Discover More
(HTTP|HTTPS) - Hypertext Transfer Protocol

Hypertext Transfer Protocol (HTTP) is the transfer protocol to exchange or transfer web resource between nodes (host). The H in HTTP means an hypertext (ie HTML). The protocol was first designed...
Browser
Browser - Fetching Resources (Request/Response)

This article is fetching (http request/response) in the browser. User agents can implement a variety of transfer protocols to fetch resources such as: HTTP : , ... Form FTP ... rendering...
Windows Internet Properties Proxy
HTTP - Forward Proxy

A forward proxy is a proxy application that is configured to intercept and forward every internal Http request to an destination website, hence the name Forward Proxy. It's also known as man-in-the-middle...
HTTP - Gateway (Reverse Proxy)

A reverse proxy (or gateway) is a proxy that is configured to appear to the client just like an ordinary web server. Traffic from the internet at large enters system through reverse proxy, which then...
HTTP - Same Origin Request

A request is a same-origin request if: the request’s origin and the origin of request’s current url page are the same. requestsame-origincross origin Two HTTP requests havenot the same origin...
Devtool Tracking Cookie Identifier Counter
How does a tracking cookie work? A step by step example

This page shows you a basic example of a tracking ... cookie so that you can understand and implement the underlying mechanisms. These cookies are third-party cookie. A tracking cookie is also known...
Map Of Internet 1973
Network - Border Gateway Protocol (BGP) - (Internet route)

Border Gateway Protocol (BGP) is the postal service of the Internet. It chooses the best route to deliver network data by looking at all of the available paths. When a user in Singapore loads a website...
Google Search Console Links
Search Engine - Backlink (Internal / External Link)

A backlink is a link that points to a page. Technically, it means that the href attribute of the link has the same value than the url of the page. backlinks are important for search engine optimization...
Security - Third Party (3P)

A third party is an external entity to your organization or to your code. In HTTP, a third-party is identified via the origin and if it needs or not to make cross-origin request Example:
Web - Server

A web server is a HTTP server that respond to HTTP request, generally returning a web page (HTML) (but it can serve any type of files). The request is handled: by native handlers (module) (if the server...



Share this page:
Follow us:
Task Runner