In browser security, an origin is the combination of a site’s scheme, host, and port. For example, https://example.com:443 has a different origin from http://example.com:80 or https://api.example.com. Browsers use the origin to decide whether scripts, requests, and stored data are allowed to interact across sites.
Origin checks matter because many attacks try to confuse the browser about who it is talking to. In DNS rebinding, a malicious site can make a victim’s browser first contact a harmless public address and then “rebind” the same name to an internal service, hoping the browser will still treat that name as the same trusted origin. If a service relies on weak origin validation, that browser can become a bridge into local or private infrastructure. Defenders should verify the origin strictly, avoid trusting DNS alone, and combine origin checks with authentication, network restrictions, and least-privilege access.
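
One way a service on a private or loopback address can apply the strict check described above, shown as an added example rather than code from the original page: compare origins as full (scheme, host, port) tuples and reject any request whose Host header is not a name the service expects, since a rebound name still appears in that header. The allowlist values and the function names `originTuple`, `sameOrigin` and `checkRequest` are assumptions made for illustration.

```javascript
// Added example. Hostnames, ports and allowlists are constructed for illustration.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL into its origin tuple, making the default port explicit so that
// https://example.com and https://example.com:443 compare as equal.
function originTuple(urlString) {
  const u = new URL(urlString); // throws on malformed input such as "null"
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Hypothetical allowlists for a service bound to 127.0.0.1:8080.
const ALLOWED_HOSTS = new Set(["localhost:8080", "127.0.0.1:8080"]);
const ALLOWED_ORIGINS = ["http://localhost:8080"];

// Decide whether to serve a request from its Host and Origin headers.
// This complements authentication; it does not replace it.
function checkRequest(headers) {
  // After a rebind the IP is internal, but the browser still sends the
  // attacker-controlled name in Host, so an exact-match allowlist rejects it.
  const host = (headers.host || "").toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) {
    return { allowed: false, reason: "unexpected Host header" };
  }
  // Origin is absent on some same-origin and non-browser requests; when it is
  // present it must match an allowed origin tuple exactly.
  if (headers.origin !== undefined) {
    let trusted = false;
    try {
      trusted = ALLOWED_ORIGINS.some((o) => sameOrigin(o, headers.origin));
    } catch {
      trusted = false; // unparsable or opaque ("null") origins are refused
    }
    if (!trusted) return { allowed: false, reason: "untrusted Origin header" };
  }
  return { allowed: true, reason: "ok" };
}
```
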



