HTTP headers | Timing-Allow-Origin

The Timing-Allow-Origin (TAO) header is a response header. It indicates the origins that are permitted to read the attribute values exposed by the Resource Timing API. By default, these attributes are reported as “zero” as a consequence of cross-origin restrictions.

The TAO header can be a wildcard (*), which allows all origins to access the timing information. However, it is better to specify only a few origins; this helps to minimize attacks that can leak users' personal information, leading to profound consequences.

Syntax: 

Timing-Allow-Origin: * 

OR

Timing-Allow-Origin: <origin> [, <origin>]*

Directives: This header accepts two directives, as mentioned above and described below:

  • * : This directive is a wildcard character that gives permission to any origin to access the timing resources. 
     
  • <origin>: This directive indicates a single URI (Uniform Resource Identifier) or a set of URIs separated by commas, which can access the timing resources. 
     

Examples: 

  • To allow all origins to access the timing resources with the wildcard, i.e. “*”:
Timing-Allow-Origin: * 
  • To allow only “https://www.geeksforgeeks.org” to access the timing resources: 
Timing-Allow-Origin: https://www.geeksforgeeks.org 
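
The matching rule behind the two directives, together with a check for the wildcard and for entries that cannot match any origin, as an added example that is not part of the original article. The helper names parseTao, taoAllows and auditTao are hypothetical, and every sample value other than the article's own origin is constructed.

```javascript
// Added example: TAO matching and a configuration audit (not from the article).
// parseTao, taoAllows and auditTao are hypothetical helper names.

// Split a Timing-Allow-Origin value into its comma-separated members.
function parseTao(headerValue) {
  return String(headerValue || "")
    .split(",")
    .map((v) => v.trim())
    .filter((v) => v.length > 0);
}

// True when the page at requestingOrigin may read the full timing attributes:
// either "*" is listed or a member equals the origin string exactly.
function taoAllows(headerValue, requestingOrigin) {
  return parseTao(headerValue).some((v) => v === "*" || v === requestingOrigin);
}

// Return findings for members that are over-broad or are not usable origins.
function auditTao(headerValue) {
  const findings = [];
  for (const v of parseTao(headerValue)) {
    if (v === "*") {
      findings.push("wildcard: any origin can read timing data");
      continue;
    }
    let parsed;
    try {
      parsed = new URL(v);
    } catch {
      findings.push(`not an origin: ${v}`);
      continue;
    }
    // A serialized origin is scheme://host[:port] with no path or trailing slash.
    if (parsed.origin !== v) {
      findings.push(`not a serialized origin (expected ${parsed.origin}): ${v}`);
    }
  }
  return findings;
}

// Constructed sample values; only the geeksforgeeks.org origin is from the article.
const samples = ["*", "https://www.geeksforgeeks.org", "https://www.geeksforgeeks.org/, https://b.example"];
for (const s of samples) {
  console.log(JSON.stringify(s), auditTao(s));
}
```

An entry with a trailing slash, a path, or an explicit default port is compared as a plain string, so it grants nothing to the origin it was meant to allow.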

Supported Browsers: The browsers compatible with the HTTP Timing-Allow-Origin header are listed below:

  • Google Chrome
  • Edge
  • Opera
  • Firefox
  • Safari

Last Updated : 08 Jun, 2020