The HTTP Origin request header specifies the origin of the client that initiated the request. The origin includes the
The HTTP Origin request header is sent by the client to specify its origin, which is useful for distinguishing between cross-origin and same-origin HTTP requests. If the client needs access to resources included in a HTTP response then the HTTP Origin header may be part of the HTTP request.
The directives are
null directive is used to indicate that the origin is private, or otherwise unnecessary. For example, the HTTP Origin header might be
null if the scheme is not HTTP, HTTPS, FTP, WS, WSS, or GOPHER.
scheme refers to the protocol in use, typically either HTTP or HTTPS.
hostname directive refers to the domain name or IP address of the origin server.
port directive is optional and refers to the network port that the server is listening to for accepting and processing HTTP Connection requests. If no
port is specified then the default port for the service is assumed. For example, port 80 is assumed for HTTP requests, whereas port 443 is assumed for HTTPS requests.
In the following example, the origin is obscured using the
In the following example, the origin specifies the
scheme and the domain name as
In the following example, the
scheme, the domain name as
hostname, and the custom
port that the server is listening on are specified.
The HTTP Origin header is used to indicate the origin of the client making the HTTP request, which is useful for cross-origin and same-origin HTTP requests.