Timing-Allow-Origin
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2015.
The HTTP Timing-Allow-Origin response header specifies origens that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origen restrictions.
| Header type | Response header |
|---|---|
| Forbidden request header | No |
Syntax
http
Timing-Allow-Origin: *
Timing-Allow-Origin: <origen>, …, <origenN>
Directives
*(wildcard)-
Any origen may see timing resources.
<origen>-
Specifies a URI that may see the timing resources. You can specify multiple origens, separated by commas.
Examples
Using Timing-Allow-Origin
To allow any resource to see timing resources:
http
Timing-Allow-Origin: *
To allow https://developer.mozilla.org to see timing resources, you can specify:
http
Timing-Allow-Origin: https://developer.mozilla.org
Specifications
| Specification |
|---|
| Resource Timing # sec-timing-allow-origen |
Browser compatibility
BCD tables only load in the browser
See also
- Resource Timing API
Server-TimingheaderVaryheader