Timing-Allow-Origin

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2015.

The Timing-Allow-Origin response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.

Header type	Response header
Forbidden header name	no

Syntax

http

Timing-Allow-Origin: *
Timing-Allow-Origin: <origin>[, <origin>]*

Directives

*: The server may specify "*" as a wildcard, thereby allowing any origin to see timing resources.
<origin>: Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.

Examples

To allow any resource to see timing resources:

http

Timing-Allow-Origin: *

To allow https://developer.mozilla.org to see timing resources, you can specify:

http

Timing-Allow-Origin: https://developer.mozilla.org

Specifications

Specification
Resource Timing # sec-timing-allow-origin

Browser compatibility

BCD tables only load in the browser

Syntax

Directives

Examples

Specifications

Browser compatibility

See also