Origin-Trial
The HTTP Origin-Trial response header is an unofficial header that enables experimental browser features for a specific origin: the server sends a signed trial token, and the browser validates it.
Usage
Browser vendors, primarily Google Chrome, offer origin trials as a way to test experimental web platform features in production before they become stable. Instead of requiring users to enable feature flags, a site operator registers for a trial through the Chrome Origin Trials portal and receives a Base64-encoded token. The server includes this token in the Origin-Trial response header, and the browser activates the experimental feature for pages served from the registered origin.
Each token encodes a JSON payload containing the origin, the feature name, an expiry timestamp, and whether the trial extends to subdomains. The browser validates the token signature, checks the origin and expiry, and enables the feature if everything matches. Expired or invalid tokens are silently ignored.
A single response supports multiple active trials. Multiple tokens are delivered either as comma-separated values in one header or as separate Origin-Trial headers. Large sites like YouTube, Instagram, and Facebook commonly run several origin trials simultaneously, testing features such as crash reporting APIs and session credential mechanisms.
Values
Base64-encoded token
The value is a Base64-encoded string containing a signed token. The token payload is a JSON object with the following fields:
origin: the registered origin (e.g., https://example.re:443)
feature: the experimental feature name (e.g., CrashReportingStorageAPI)
expiry: a Unix timestamp for when the trial expires
isSubdomain: a boolean indicating whether the trial covers all subdomains of the origin
The outer Base64 string also includes a cryptographic signature prefix the browser uses to verify the token was issued by the trial authority.
Example
A site enrolled in a single origin trial includes the token in the response. The token below (truncated for readability) encodes an origin of https://www.example.re:443, the feature CrashReportingStorageAPI, and an expiry timestamp. The browser decodes and validates the token, then activates the feature for this page load.
Origin-Trial: ArDvqjFKr1fHThlSM8Kkp74sxlOCFTeq...
Sites running multiple origin trials at the same time send comma-separated tokens. Each token activates a different experimental feature independently.
Origin-Trial: AmhMBR6zCLzDDx..., AiDEBptUfVeO93...
The token is opaque to the end user. Decoding the Base64 payload reveals the trial metadata. For instance, a decoded token payload looks like this:
{
"origin": "https://www.example.re:443",
"feature": "CrashReportingStorageAPI",
"expiry": 1776729600,
"isSubdomain": true
}
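For auditing which trials a response enables, the sketch below decodes each token in a header value and checks origin and expiry the way the text describes. It is an added example, not code from the page or from any browser project: the byte layout (version byte, 64-byte signature, 4-byte length) is an assumption based on Chromium's token format, the function names are hypothetical, the sample token is constructed with a placeholder signature, and the signature is not verified.

```python
import base64, json, struct
from urllib.parse import urlsplit

# Assumed layout (Chromium's token format; this page only says "signature prefix"):
# 1 version byte | 64-byte signature | 4-byte big-endian payload length | JSON
SIG_LEN = 64
HEADER_LEN = 1 + SIG_LEN + 4

def parse_token(token):
    """Decode one token to (version, payload). Does NOT verify the signature."""
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < HEADER_LEN:
        raise ValueError("token too short")
    (length,) = struct.unpack(">I", raw[1 + SIG_LEN:HEADER_LEN])
    body = raw[HEADER_LEN:]
    if length != len(body):
        raise ValueError("payload length mismatch")
    return raw[0], json.loads(body.decode("utf-8"))

def _parts(origin):
    u = urlsplit(origin)
    return u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme)

def origin_matches(token_origin, page_origin, is_subdomain):
    ts, th, tp = _parts(token_origin)
    ps, ph, pp = _parts(page_origin)
    if (ts, tp) != (ps, pp) or not th or not ph:
        return False
    return ph == th or (bool(is_subdomain) and ph.endswith("." + th))

def audit_header(value, page_origin, now):
    """One finding per token in a comma-separated Origin-Trial header value."""
    findings = []
    for tok in filter(None, (t.strip() for t in value.split(","))):
        try:
            _, p = parse_token(tok)
            ok = origin_matches(p["origin"], page_origin, p.get("isSubdomain", False))
            findings.append({"feature": p["feature"], "origin_ok": ok,
                             "expired": p["expiry"] <= now})
        except (ValueError, KeyError, TypeError) as exc:
            findings.append({"error": str(exc) or type(exc).__name__})
    return findings

def build_sample(payload):
    """Constructed sample token: all-zero placeholder signature, not a real one."""
    body = json.dumps(payload).encode()
    head = bytes([3]) + bytes(SIG_LEN) + struct.pack(">I", len(body))
    return base64.b64encode(head + body).decode()

SAMPLE = build_sample({"origin": "https://www.example.re:443", "isSubdomain": True,
                       "feature": "CrashReportingStorageAPI", "expiry": 1776729600})
```

A finding with origin_ok false or expired true marks a token the browser would ignore, which usually means a stale or copied header worth removing.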
An alternative to the response header is a <meta> tag in HTML. Both approaches activate the trial identically.
<meta http-equiv="origin-trial"
content="ArDvqjFKr1fHThlSM8Kkp74sxlOCFTeq...">
Takeaway
The Origin-Trial header activates experimental browser features for a registered origin by providing a signed, time-limited token the browser validates on each page load.