The Timing-Allow-Origin response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Timing-Allow-Origin: * Timing-Allow-Origin: <origin>[, <origin>]*
*The server may specify "*" as a wildcard, thereby allowing any origin to see timing resources.
Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.
To allow any resource to see timing resources:
Timing-Allow-Origin: *
To allow https://developer.mozilla.org to see timing resources, you can specify:
Timing-Allow-Origin: https://developer.mozilla.org
| Specification |
|---|
| Resource Timing Level 2 # sec-timing-allow-origin |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
Timing-Allow-Origin |
Yes |
≤79 |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
© 2005–2022 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin