Reputation: 1396
I have a question about the working of the Origin and Host HTTP headers.
I have an Ajax page "Page A" which will call the Ajax feed "Page B".
I saw that the request header of "Page B" from the Ajax call contains the headers:
Origin: http://example.com
Host: example.com
However, if I call the "Page B" directly, the request header will only contain the Host header:
Host: example.com
Thus, I want to know what is the difference between the Origin and Host headers, and why they show up on non-direct calls?
Can Origin be prepended and passed to server?
Upvotes: 55
Views: 50999
Reputation: 47937
The Host is the domain the request is being sent to. This header was introduced so hosting sites could include multiple domains on a single IP.
The Origin header is the domain the request originates from.
The Host header is always included. The Origin header is included sometimes: It is always included on cross-origin requests (across all browsers), and in Chrome/Safari, it is also included on same-origin PUT/POST/DELETE requests. Same-origin GET requests do not include an Origin header.
Upvotes: 116
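The following is an added example, not part of the question or the answer above: one way a server can compare the Origin header against the Host header to tell same-origin requests from cross-origin ones, including the case where Origin is absent. The function names, the lowercase header keys (as Node's `req.headers` provides them) and the `scheme` parameter are assumptions of this sketch; Host carries no scheme, so the server has to supply it.

```javascript
// Added example: classify a request by comparing Origin with Host.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Normalise "scheme://host[:port]" to a comparable string.
// Returns null for anything that is not a plain http(s) origin.
function normalizeOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (!(url.protocol in DEFAULT_PORTS)) return null;
  // Reject values carrying a path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash) return null;
  if (url.username || url.password) return null;
  // URL drops default ports and lowercases the host; make the port explicit.
  const port = url.port || DEFAULT_PORTS[url.protocol];
  return `${url.protocol}//${url.hostname}:${port}`;
}

// headers: object with lowercase keys; scheme: "http" or "https" (assumed
// to be known to the server, e.g. from its TLS listener).
function classifyRequest(headers, scheme) {
  const host = headers["host"];
  if (!host) return "invalid"; // Host is always included
  const target = normalizeOrigin(`${scheme}://${host}`);
  if (target === null) return "invalid";

  const origin = headers["origin"];
  // Absent on direct calls and same-origin GET requests.
  if (origin === undefined) return "no-origin";
  // Browsers send the literal string "null" for opaque origins.
  if (origin === "null") return "opaque-origin";

  const source = normalizeOrigin(origin);
  if (source === null) return "invalid";
  return source === target ? "same-origin" : "cross-origin";
}

// Constructed sample requests matching the two cases in the question.
const ajaxCall = { host: "example.com", origin: "http://example.com" };
const directCall = { host: "example.com" };
console.log(classifyRequest(ajaxCall, "http"));   // same-origin
console.log(classifyRequest(directCall, "http")); // no-origin
```

Browsers set Origin themselves and page scripts cannot override it, but a non-browser client can send any value it likes, so this comparison is a check on browser-initiated requests and not a form of authentication.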