Web content's origin is defined by the scheme (protocol), host (domain), and port of the URL used to access it. Two objects have the same origin only when the scheme, host, and port all match.

Some operations are restricted to same-origin content, and this restriction can be lifted using CORS.

Examples of same origin

http://example.com/app1/index.html
http://example.com/app2/index.html
same origin because same scheme (http) and host (example.com)
http://Example.com:80
http://example.com
same origin because a server delivers HTTP content through port 80 by default

Examples of different origin

http://example.com/app1
https://example.com/app2
different schemes
http://example.com
http://www.example.com
http://myapp.example.com
different hosts
http://example.com
http://example.com:8080
different ports

Specifications

Specification Status Comment
HTML Living Standard
The definition of 'origin' in that specification.
Living Standard  

Learn more

See Same-origin policy for more information.

Document Tags and Contributors

Last updated by: mfuji09,