Timing-Allow-Origin
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2015.
The HTTP Timing-Allow-Origin
response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
Header type | Response header |
---|---|
Forbidden header name | No |
Syntax
Timing-Allow-Origin: *
Timing-Allow-Origin: <origin>, …, <originN>
Directives
*
(wildcard)-
Any origin may see timing resources.
<origin>
-
Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.
Examples
Using Timing-Allow-Origin
To allow any resource to see timing resources:
Timing-Allow-Origin: *
To allow https://developer.mozilla.org
to see timing resources, you can specify:
Timing-Allow-Origin: https://developer.mozilla.org
Specifications
Specification |
---|
Resource Timing # sec-timing-allow-origin |
Browser compatibility
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Timing-Allow-Origin |
Legend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
See also
- Resource Timing API
Server-Timing
headerVary
header