Timing-Allow-Origin header

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since January 2020.

The HTTPTiming-Allow-Originresponse header specifies origins that are allowed to see values of attributes retrieved via features of theResource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.

Header type	Response header

Syntax

http

Timing-Allow-Origin: *Timing-Allow-Origin: <origin>, …, <originN>

Directives

* (wildcard): Any origin may see timing resources.
<origin>: Specifies a URI that may see the timing resources. You can specify multiple origins, separated by commas.

Examples

Using Timing-Allow-Origin

To allow any resource to see timing resources:

http

Timing-Allow-Origin: *

To allowhttps://developer.mozilla.org to see timing resources, you can specify:

http

Timing-Allow-Origin: https://developer.mozilla.org

Specifications

Specification
Resource Timing # sec-timing-allow-origin

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified onNov 21, 2025 byMDN contributors.

View this page on GitHub •Report a problem with this content

Movatterモバイル変換

Timing-Allow-Origin header

Syntax

Directives

Examples

Using Timing-Allow-Origin

Specifications

Browser compatibility

See also

Help improve MDN