Timing-Allow-Origin
{{HTTPSidebar}}
The HTTP Timing-Allow-Origin {{Glossary("response header")}} specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
| Header type | `{{Glossary("Response header")}}` |
|---|---|
| `{{Glossary("Forbidden header name")}}` | No |
Syntax
Timing-Allow-Origin: *
Timing-Allow-Origin: <origin>, …, <originN>
Directives
*(wildcard)- : Any origin may see timing resources.
<origin>- : Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.
Examples
Using Timing-Allow-Origin
To allow any resource to see timing resources:
Timing-Allow-Origin: *
To allow https://developer.mozilla.org to see timing resources, you can specify:
Timing-Allow-Origin: https://developer.mozilla.org
Specifications
{{Specifications}}
Browser compatibility
{{Compat}}
See also
- Resource Timing API
{{HTTPHeader("Server-Timing")}}header{{HTTPHeader("Vary")}}header