Access-Control-Allow-Origin
Published Aug 18, 2022
Contribute to Docs
Access-Control-Allow-Origin in a CORS response header that tells which requests from other pieces of web content (and their origins) have access to the current resource and, thus, can be loaded by the browser.
Syntax
Access-Control-Allow-Origin: directive
The directive is set to either of the following:
| Directive | Description |
|---|---|
* |
This is a wildcard that tells browsers to allow requests from any content origin to access the resource. |
origin |
A single, specific origin of content made of a scheme/protocol, hostname, and port (e.g., a URL). |
null |
Sets the origin to null (however, this should be avoided in most cases). |
Example
The following is an example of a response header that is set to accept requests from the origin, “https://www.codecademy.com/learn“:
Access-Control-Allow-Origin: https://www.codecademy.com/learn
Contribute to Docs
- Learn more about how to get involved.
- Edit this page on GitHub to fix an error or make an improvement.
- Submit feedback to let us know how we can improve Docs.
Learn more on Codecademy
- Career path
Full-Stack Engineer
A full-stack engineer can get a project done from start to finish, back-end to front-end.Includes 51 CoursesWith Professional CertificationBeginner Friendly150 hours - Free course
Learn JavaScript
Learn how to use JavaScript — a powerful and flexible programming language for adding website interactivity.Beginner Friendly15 hours
