Timing-Allow-Origin

The HTTP Timing-Allow-Origin response header grants the client permission to see the values of attributes related to the Resource Timing API, which are ordinarily masked due to cross-origin considerations.

Usage

The HTTP Timing-Allow-Origin response header is sent by the server to allow client visibility into parameters and attributes used by the Resource Timing API. The only directives are specific origins and the asterisk character *, which serves as a wildcard.

Example

In the following example, the origin https://www.example.re can see the timing attributes of the resource.

Timing-Allow-Origin: https://www.example.re

To grant permission to any origin, use the wildcard:

Timing-Allow-Origin: *
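
The check a header value implies, plus a server-side audit of it, as an added example that is not part of the original page. The function names and the trusted-origin allowlist are hypothetical, and the code assumes the header value is a comma-separated list compared by exact string match against the page's serialized origin.

```javascript
// Added example; function names are hypothetical, inputs are constructed.

// Split a Timing-Allow-Origin value into its comma-separated entries.
function parseTimingAllowOrigin(headerValue) {
  return String(headerValue || "")
    .split(",")
    .map((v) => v.trim())
    .filter((v) => v.length > 0);
}

// True when a page at `pageOrigin` may read the unmasked timing attributes.
// Assumption: exact string match on the serialized origin, so
// "https://example.re" does not match "https://www.example.re".
function timingAllowed(headerValue, pageOrigin) {
  const entries = parseTimingAllowOrigin(headerValue);
  return entries.includes("*") || entries.includes(pageOrigin);
}

// Audit a header value against the origins the operator means to trust.
// Returns one finding per entry that is broader or different than intended.
function auditTimingAllowOrigin(headerValue, trustedOrigins) {
  const findings = [];
  for (const entry of parseTimingAllowOrigin(headerValue)) {
    if (entry === "*") {
      findings.push({ entry, issue: "wildcard: every origin can read timing" });
      continue;
    }
    let origin = null;
    try {
      origin = new URL(entry).origin; // normalised scheme://host[:port]
    } catch {
      origin = null; // not a URL at all, e.g. a bare hostname
    }
    if (origin === null || origin === "null" || origin !== entry) {
      findings.push({ entry, issue: "not in serialized-origin form; exact match fails" });
    } else if (!trustedOrigins.includes(entry)) {
      findings.push({ entry, issue: "origin not in trusted allowlist" });
    }
  }
  return findings;
}

// Constructed sample: a wildcard, a trailing-slash entry, and an unexpected origin.
const sampleHeader = "*, https://www.example.re/, https://other.example";
console.log(auditTimingAllowOrigin(sampleHeader, ["https://www.example.re"]));
```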

Takeaway

The HTTP Timing-Allow-Origin header is used to grant permission to see attributes related to the Resource Timing API, which are normally unavailable.

Last updated: August 2, 2023