HTTP headers | Timing-Allow-Origin

The Timing-Allow-Origin(TAO) header is a response-type header. It is used to indicate all the origins that are permitted to read the values of attributes retrieved from the Resource Timing API’s features. The default values assigned to these attributes is “zero” as a consequence of cross-origin restrictions. 

The TAO header can be a wildcard (*) that allows all the origins to access the information related to timing simultaneously. However it is better to specify only a few origins, this can help to minimize the hazardous attacks that can leak personal information of various users leading to profound consequences. 


Timing-Allow-Origin: * 


Timing-Allow-Origin: <origin> [, <origin>]*

Directives:  This header accepts two directive as mentioned above and described below:

  • * : This directive is a wildcard character that gives permission to any origin to access the timing resources. 
  • <origin>: This directive indicates a single URI (Uniform Resource Identifier) or a set of URIs separated by commas, which can access the timing resources. 


  • When all the resources are allowed to access various timing resources with the help of wildcard i.e.”*”: 
Timing-Allow-Origin: * 
  • To allow only “” to access the timing resources: 

Supported Browsers:  The browsers  are compatible with HTTP Timing-Allow-Origin header are listed below: 

  • Google Chrome
  • Edge
  • Opera
  • Firefox
  • Safari
My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.

Article Tags :

Be the First to upvote.

Please write to us at to report any issue with the above content.