Ollama allowed origins control which browser origins can call the local API from web pages. This matters when a local web app, extension, or development frontend needs browser-based access to localhost:11434.
Set OLLAMA_ORIGINS on the server process before Ollama starts. Use specific origins for development apps instead of broad wildcards on shared machines.
CORS settings affect browser enforcement, not ordinary CLI tools such as curl. Verify with an Origin header and the browser app that will use the API.
Related: How to set the Ollama host address
Related: How to manage the Ollama service
Related: How to check the Ollama API server
$ printf '%s\n' 'http://localhost:3000,https://app.example.com' http://localhost:3000,https://app.example.com
$ OLLAMA_ORIGINS=http://localhost:3000 ollama serve
[Service] Environment="OLLAMA_ORIGINS=http://localhost:3000,https://app.example.com"
$ sudo systemctl daemon-reload $ sudo systemctl restart ollama
Related: How to manage the Ollama service
$ curl -i -H 'Origin: http://localhost:3000' http://localhost:11434/api/version HTTP/1.1 200 OK Access-Control-Allow-Origin: http://localhost:3000 ##### snipped #####