Origin
The HTTP Origin request header specifies the origin of the client that initiated the request. The origin includes the scheme, hostname, and port.
Usage
The HTTP Origin request header is sent by the client to specify its origin, which is useful for distinguishing between cross-origin and same-origin HTTP requests. If the client needs access to resources included in a HTTP response then the HTTP Origin header may be part of the HTTP request.
The directives are null, scheme, hostname, and port.
null
The null directive is used to indicate that the origin is private, or otherwise unnecessary. For example, the HTTP Origin header might be null if the scheme is not HTTP, HTTPS, FTP, WS, WSS, or GOPHER.
scheme
The scheme refers to the protocol in use, typically either HTTP or HTTPS.
hostname
The hostname directive refers to the domain name or IP address of the origin server.
port
The port directive is optional and refers to the network port that the server is listening to for accepting and processing HTTP Connection requests. If no port is specified then the default port for the service is assumed. For example, port 80 is assumed for HTTP requests, whereas port 443 is assumed for HTTPS requests.
Example
In the following example, the origin is obscured using the null directive.
Request
Origin: null
In the following example, the origin specifies the scheme and the domain name as hostname.
Request
Origin: http://www.example.re
In the following example, the scheme, the domain name as hostname, and the custom port that the server is listening on are specified.
Request
Origin: https://private.example.re:5000
Takeaway
The HTTP Origin header is used to indicate the origin of the client making the HTTP request, which is useful for cross-origin and same-origin HTTP requests.