Published Aug 18, 2022
Contribute to Docs

Access-Control-Allow-Origin in a CORS response header that tells which requests from other pieces of web content (and their origins) have access to the current resource and, thus, can be loaded by the browser.


Access-Control-Allow-Origin: directive

The directive is set to either of the following:

Directive Description
* This is a wildcard that tells browsers to allow requests from any content origin to access the resource.
origin A single, specific origin of content made of a scheme/protocol, hostname, and port (e.g., a URL).
null Sets the origin to null (however, this should be avoided in most cases).


The following is an example of a response header that is set to accept requests from the origin, ““:


All contributors

Looking to contribute?

Learn More on Codecademy