Access-Control-Allow-Origin

Access-Control-Allow-Origin in a CORS response header that tells which requests from other pieces of web content (and their origins) have access to the current resource and, thus, can be loaded by the browser.

Syntax

Access-Control-Allow-Origin: directive

The directive is set to either of the following:

Directive Description
* This is a wildcard that tells browsers to allow requests from any content origin to access the resource.
origin A single, specific origin of content made of a scheme/protocol, hostname, and port (e.g., a URL).
null Sets the origin to null (however, this should be avoided in most cases).

Example

The following is an example of a response header that is set to accept requests from the origin, “https://www.codecademy.com/learn":

Access-Control-Allow-Origin: https://www.codecademy.com/learn

Contributors

Interested in helping build Docs? Read the Contribution Guide or share your thoughts in this feedback form.

Learn More on Codecademy