Origin
header values or IP addresses.
Origin
header, allowing only requests from specific domains or subdomains.Origin
header sent by browsers and applications.
myapp.com
, or myapp.example.com
, or *.myapp.com
).myapp.com
, app.example.com
*.example.com
(matches any subdomain of example.com)*
character to match any subdomain. For example, *.example.com
will match app.example.com
, api.example.com
, and staging.example.com
.192.168.1.100
2001:db8::1
app.mycompany.com
, staging.mycompany.com
, dev.mycompany.com
, etc.
Origin
header. Modern browsers automatically include this header for cross-origin requests.