Origin

Indicates the origin (scheme + host + port) of the request. Used for CORS and CSRF checks.

Request

Syntax

Origin: <scheme>://<host>[:<port>]

Example values

ValueExplanation
https://app.example.comSame-origin request
https://other-site.comCross-origin

cURL usage

curl -H "Origin: https://app.example.com" https://api.example.com/data

Common mistakes

Not sent for same-origin or GET in some browsers; required for CORS preflight.

Related headers

RefererAccess-Control-Allow-Origin

Tools

HTTP Header Viewer →