How many and which resources have Timing-Allow-Origin for Resource Timing?


Ilya’s post Measuring network performance with Resource Timing API had two pieces of information that surprised me:

  • The Resource Timing API is supported in Chrome, Opera, and IE10+. I knew that each of these browsers had individually added support for Resource Timing, but I had never seen them listed together. These browsers represent a significant percentage of overall Web traffic so we can get some good stats with just these three.
  • Facebook, Google, and Disqus worked together to add the Timing-Allow-Origin response header. This is required to measure the timing of resource from a different origin (for privacy reasons). Some 3rd party content providers might be hesitant to allow website owners to measure 3rd party performance. It’s great that these companies took the first step.

I wanted to use the HTTP Archive data to see how many resources have the Timing-Allow-Origin response header and where they’re coming from.

The total number of requests for the Nov 15 2013 crawl is 27,889,759. Out of those, 342,957 have the Timing-Allow-Origin response header - that’s 1.2%. Not bad for early days.

SELECT count(*)
FROM [httparchive:runs.2013_11_15_requests]
total requsts = 27889759

SELECT count(*)
FROM [httparchive:runs.2013_11_15_requests]
WHERE lower(respOtherHeaders) contains "timing-allow-origin"

Facebook and Google are the most popular domains serving these resources, but other content providers like Spil Games and are also showing support:

SELECT domain(url) as domain, count(*) as num
FROM [httparchive:runs.2013_11_15_requests]
WHERE lower(respOtherHeaders) contains "timing-allow-origin"
GROUP BY domain ORDER BY num desc

Facebook and Google have the most popular resources being served with this header:

SELECT url, count(*) as num
FROM [httparchive:runs.2013_11_15_requests]
WHERE lower(respOtherHeaders) contains "timing-allow-origin"
GROUP BY url ORDER BY num desc

I’d love to see Google Analytics, Twitter, and Doubleclick add this response header so website owners can better understand what’s having an impact on their page’s load times.


Happy to see this. mPulse also includes the timing-allow-origin response on boomerang requests.


Awesome. Hope to see this more popular widget / library providers on this list soon!

Quick note: It’ll be interesting to rerun this list on the Dec 15th crawl. Back in November we were still in early stages of rolling out RT support across Google Fonts / Google+ / Google Libraries (CDN). I expect those numbers to be much higher in the next run!


For those having Timing-Allow-Origin header, no one is setting it to anything other than “*”

SELECT url, respOtherHeaders, count(*) as num
FROM [httparchive:runs.latest_requests]
  lower(respOtherHeaders) contains "timing-allow-origin" and
  not lower(respOtherHeaders) contains "timing-allow-origin = *"
GROUP BY url, respOtherHeaders ORDER BY num desc

There are only a few occurrences, mainly garbage from for both desktop and mobile.


Update May 15 2014: In the May 15 crawl there were 1,392,034 responses with Timing-Allow-Origin out of 27655500 total requests (5%). A nice increase!


Update - In the Jan 01 2015 crawl, there were 44,981,766 requests with 2,902,254 set with “timing-allow-origin” - 6.5%


February 15 crawl: 6,942,158 out of 50,088,983 requests (13.86%)


Love to see this periodically updated with the latest data.

I put together a query to generate a timeseries:

  REPLACE(SUBSTR(_TABLE_SUFFIX, 0, 10), '_', '-') AS date,
  SUM(IF(LOWER(respOtherHeaders) LIKE "%timing-allow-origin%", 1, 0)) / COUNT(0) AS pctAllowTiming

Run it on BigQuery (warning: this query consumes 431 GB, about half of the free monthly quota)

The growth is slow but steady.


Explore the raw results

If there’s interest, I could put together a report on the site of popular HTTP headers and track adoption across desktop/mobile.