Access-Control-Allow-Origin

Published Aug 18, 2022

Access-Control-Allow-Origin in a CORS response header that tells which requests from other pieces of web content (and their origins) have access to the current resource and, thus, can be loaded by the browser.

Syntax

Access-Control-Allow-Origin: directive

The directive is set to either of the following:

Directive	Description
`*`	This is a wildcard that tells browsers to allow requests from any content `origin` to access the resource.
`origin`	A single, specific `origin` of content made of a scheme/protocol, hostname, and port (e.g., a URL).
`null`	Sets the `origin` to `null` (however, this should be avoided in most cases).

Example

The following is an example of a response header that is set to accept requests from the origin, “https://www.codecademy.com/learn“:

Access-Control-Allow-Origin: https://www.codecademy.com/learn

All contributors

BrandonDusch

BrandonDusch

Looking to contribute?

Learn more about how to get involved.
Edit this page on GitHub to fix an error or make an improvement.
Submit feedback to let us know how we can improve Docs.

Learn More on Codecademy

Career path

Full-Stack Engineer

A full-stack engineer can get a project done from start to finish, back-end to front-end.

Includes 51 Courses

With Professional Certification

Beginner Friendly

162 Lessons

Free course

Learn JavaScript

Learn how to use JavaScript — a powerful and flexible programming language for adding website interactivity.

Beginner Friendly

11 Lessons

Access-Control-Allow-Origin

Syntax

Example

All contributors

Looking to contribute?

Learn More on Codecademy

Full-Stack Engineer

Learn JavaScript

Resources

Support

Resources

Support

Plans

Community

Subjects

Languages

Career building

Mobile

Mobile