The Timing-Allow-Origin response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Syntax
Timing-Allow-Origin: * Timing-Allow-Origin: <origin>[, <origin>]*
Directives
- *
- The server may specify "*" as a wildcard, thereby allowing any origin to see timing resources.
- <origin>
- Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.
Examples
To allow any resource to see timing resources:
Timing-Allow-Origin: *
To allow https://developer.mozilla.org to see timing resources, you can specify:
Timing-Allow-Origin: https://developer.mozilla.org
Specifications
| Specification | Status | Comment |
|---|---|---|
| Resource Timing Level 3 The definition of 'Timing-Allow-Origin' in that specification. |
Editor's Draft | Initial definition. |
Browser compatibility
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Timing-Allow-Origin | Chrome Full support Yes | Edge Full support ≤79 | Firefox Full support Yes | IE ? | Opera Full support Yes | Safari Full support Yes | WebView Android Full support Yes | Chrome Android Full support Yes | Firefox Android Full support Yes | Opera Android Full support Yes | Safari iOS Full support Yes | Samsung Internet Android Full support Yes |
Legend
- Full support
- Full support
- Compatibility unknown
- Compatibility unknown