HTTP - Origin Server (Header Field)


The Origin header is:

This is not the ip or hostname of the client that created the request to the server

The Origin header value is the same than the Referer header but without the path.


A devtool network snaphost of a request showing that this is a request created by a code that originates from to

When the origin is set by the browser

When the browser add the origin header.

  • in case of a cross-origin request, the header is always added
  • in case of same-origin request, the Origin header is included for all requests whose method is neither GET nor HEAD.
Browser Request Type Origin Added ?
All browser Cross-origin Yes
Chrome Same-origin Yes: POST/PUT/DELETE
Safari Same-origin Yes: POST/PUT/DELETE

How to set the origin

An origin is calculated by the browser with the scheme, host, and port of a URL of the request that created the resource (page, script)

If you want to set the origin what you want to do is mainly to set the host header on the web server.


Powered by ComboStrap