How to Send Origin Header with curl

This article explains how to send a custom Origin HTTP header using the curl command-line tool. You will learn the exact command-line flags required to set this header, which is essential for testing Cross-Origin Resource Sharing (CORS) configurations and API security policies.

To send an Origin header with curl, use the -H (or --header) option followed by the header name and its value in quotes.

Basic Syntax

Here is the standard command to send a GET request with an Origin header:

curl -H "Origin: https://yourdomain.com" https://api.example.com

How It Works

• -H or --header: This flag tells curl to include an extra HTTP header in the request.
• "Origin: https://yourdomain.com": This is the header key-value pair. The Origin header indicates where the request originates from (typically the scheme, host, and port of the requesting application).
• https://api.example.com: This is the destination URL of the server or API you are testing.

Sending Origin with a POST Request

If you need to test CORS on a POST request, you can combine the -H flag with the -X POST option and include any necessary data using the -d flag:

curl -X POST \
     -H "Origin: https://yourdomain.com" \
     -H "Content-Type: application/json" \
     -d '{"key": "value"}' \
     https://api.example.com/data

Inspecting the Response Headers

When testing CORS, you usually want to verify if the server responds with the correct Access-Control-Allow-Origin header. To view the response headers in your terminal, add the -I (fetch headers only) or -i (include headers in the output) option:

curl -I -H "Origin: https://yourdomain.com" https://api.example.com