Content Services Team (Production)

$opt_dummy_attribute

Non-Student Users

Handshake Pilot (Prod)

Anonymous Users

Pro Lite GTM (Production)

Admin Users

Optimizely Test Users

Career Journey Switch (Production)

Billing Update Modal (Production)

Author Users

Career Journey Scaling (Production)

Free Users

Non-India Users

Optimizely-Generated Audience for Backwards Compatibility

student

anonymous

admin

optimizely_test_user

author

free

Full-Stack Engineer

Learn JavaScript

Determines which requests from other pieces of web content have access to the current resource.


**`Access-Control-Allow-Origin`** in a CORS response header that tells which requests from other pieces of web content (and their `origin`s) have access to the current resource and, thus, can be loaded by the browser.

## Syntax

```pseudo
Access-Control-Allow-Origin: directive
```

The `directive` is set to either of the following:

| Directive | Description                                                                                                                                                                           |
| :-------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|    `*`    | This is a wildcard that tells browsers to allow requests from any content `origin` to access the resource.                                                                            |
| `origin`  | A single, specific `origin` of content made of a scheme/protocol, hostname, and port (e.g., a [URL](https://www.codecademy.com/resources/docs/general/url)).                          |
|  `null`   | Sets the `origin` to `null` (however, this should be [avoided](https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null) in most cases). |

## Example

The following is an example of a response header that is set to accept requests from the `origin`, "https://www.codecademy.com/learn":

```shell
Access-Control-Allow-Origin: https://www.codecademy.com/learn
```


Access-Control-Allow-Origin

General Terms

Back to General

General

Directive	Description
`*`	This is a wildcard that tells browsers to allow requests from any content `origin` to access the resource.
`origin`	A single, specific `origin` of content made of a scheme/protocol, hostname, and port (e.g., a URL).
`null`	Sets the `origin` to `null` (however, this should be avoided in most cases).

Access-Control-Allow-Origin

Syntax

Example

Contributors

Learn More on Codecademy

Full-Stack Engineer

Learn JavaScript

Contributors

Resources

Support

Resources

Support

Plans

Community

Subjects

Languages

Career building

Mobile

Mobile