Search RFCs
RFC 6454
The Web Origin Concept,December 2011
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC6454
Discuss this RFC: Send questions or comments to the mailing listwebsec@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 6454
Abstract
This document defines the concept of an "origin", which is often usedas the scope of authority or privilege by user agents. Typically,user agents isolate content retrieved from different origins toprevent malicious web site operators from interfering with theoperation of benign web sites. In addition to outlining theprinciples that underlie the concept of origin, this document detailshow to determine the origin of a URI and how to serialize an origininto a string. It also defines an HTTP header field, named "Origin",that indicates which origins are associated with an HTTP request. [STANDARDS-TRACK]
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.