Origin request header indicates where a request originates from. It doesn't include any path information. It is similar to the
Referer header, but, unlike that header, it doesn't disclose the whole path.
Note: Basically, browsers add the
Origin request header to:
- all cross origin requests.
- same-origin requests except for
HEADrequests (i.e. they are added to same-origin
|Header type||Request header|
|Forbidden header name||yes|
Origin: null Origin: <scheme> "://" <hostname> [ ":" <port> ]
The protocol that is used. Usually it is the HTTP protocol or its secured version, HTTPS.
The domain name of the server (for virtual hosting) or the IP.
- <port> Optional
TCP port number on which the server is listening. If no port is given, the default port for the service requested (e.g., "80" for an HTTP URL) is implied.
|The Web Origin Concept |
|Fetch Standard (Fetch)|
BCD tables only load in the browser