Skip to content
Related Articles
Open in App
Not now

Related Articles

HTTP headers | Timing-Allow-Origin

Improve Article
Save Article
  • Last Updated : 08 Jun, 2020
Improve Article
Save Article

The Timing-Allow-Origin(TAO) header is a response-type header. It is used to indicate all the origins that are permitted to read the values of attributes retrieved from the Resource Timing API’s features. The default values assigned to these attributes is “zero” as a consequence of cross-origin restrictions. 

The TAO header can be a wildcard (*) that allows all the origins to access the information related to timing simultaneously. However it is better to specify only a few origins, this can help to minimize the hazardous attacks that can leak personal information of various users leading to profound consequences. 


Timing-Allow-Origin: * 


Timing-Allow-Origin: <origin> [, <origin>]*

Directives:  This header accepts two directive as mentioned above and described below:

  • * : This directive is a wildcard character that gives permission to any origin to access the timing resources. 
  • <origin>: This directive indicates a single URI (Uniform Resource Identifier) or a set of URIs separated by commas, which can access the timing resources. 


  • When all the resources are allowed to access various timing resources with the help of wildcard i.e.”*”: 
Timing-Allow-Origin: * 
  • To allow only “” to access the timing resources: 

Supported Browsers:  The browsers  are compatible with HTTP Timing-Allow-Origin header are listed below: 

  • Google Chrome
  • Edge
  • Opera
  • Firefox
  • Safari
My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!