Timing-Allow-Origin

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2015.

The HTTP Timing-Allow-Origin response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.

Header type Response header
Forbidden header name No

Syntax

http
Timing-Allow-Origin: *
Timing-Allow-Origin: <origin>, …, <originN>

Directives

* (wildcard)

Any origin may see timing resources.

<origin>

Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.

Examples

Using Timing-Allow-Origin

To allow any resource to see timing resources:

http
Timing-Allow-Origin: *

To allow https://developer.mozilla.org to see timing resources, you can specify:

http
Timing-Allow-Origin: https://developer.mozilla.org

Specifications

Specification
Resource Timing
# sec-timing-allow-origin

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
Timing-Allow-Origin

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support

See also