diff --git a/.changeset/eager-lizards-stand.md b/.changeset/eager-lizards-stand.md
new file mode 100644
index 000000000..10df2d657
--- /dev/null
+++ b/.changeset/eager-lizards-stand.md
@@ -0,0 +1,5 @@
+---
+'@solana/rpc-transport-http': minor
+---
+
+The React Native and Node builds now permit you to set the `Origin` header. This header continues to be forbidden in the browser build, as it features on the list of forbidden request headers: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_request_header
diff --git a/packages/rpc-transport-http/src/__tests__/http-transport-headers-test.ts b/packages/rpc-transport-http/src/__tests__/http-transport-headers-test.ts
index a28a90aef..31b24500c 100644
--- a/packages/rpc-transport-http/src/__tests__/http-transport-headers-test.ts
+++ b/packages/rpc-transport-http/src/__tests__/http-transport-headers-test.ts
@@ -27,7 +27,6 @@ describe('assertIsAllowedHttpRequestHeader', () => {
 'Expect',
 'Host',
 'Keep-Alive',
- 'Origin',
 'Permissions-Policy',
 'Proxy-Anything',
 'Proxy-Authenticate',
@@ -64,6 +63,17 @@ describe('assertIsAllowedHttpRequestHeader', () => {
 );
 });
 }
+ if (__BROWSER__) {
+ it('throws when called with the `Origin` header', () => {
+ expect(() => {
+ assertIsAllowedHttpRequestHeaders({ Origin: 'https://spoofed.site' });
+ }).toThrow(
+ new SolanaError(SOLANA_ERROR__RPC__TRANSPORT_HTTP_HEADER_FORBIDDEN, {
+ headers: ['Origin'],
+ }),
+ );
+ });
+ }
 ['Authorization', 'Content-Language', 'Solana-Client'].forEach(allowedHeader => {
 it('does not throw when called with the header `' + allowedHeader + '`', () => {
 expect(() => {
diff --git a/packages/rpc-transport-http/src/http-transport-headers.ts b/packages/rpc-transport-http/src/http-transport-headers.ts
index 52340838e..d6f89b207 100644
--- a/packages/rpc-transport-http/src/http-transport-headers.ts
+++ b/packages/rpc-transport-http/src/http-transport-headers.ts
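Review bot: The second hunk of http-transport-headers-test.ts adds a browser-only assertion that `Origin` is rejected, but nothing asserts the behavior the changeset actually introduces: that the Node and React Native builds accept it. Because `'Origin'` was also removed from the forbidden-header loop in the first hunk, a regression that re-forbids it outside the browser would pass this suite unnoticed. An `else` branch on the new `if (__BROWSER__)` block, mirroring the allowed-header test that follows it, closes that gap. The enclosing `describe` block starts and ends outside the hunk.
```typescript
    if (__BROWSER__) {
        // … unchanged: browser-only "throws when called with the `Origin` header" test …
    } else {
        it('does not throw when called with the `Origin` header', () => {
            expect(() => {
                assertIsAllowedHttpRequestHeaders({ Origin: 'https://spoofed.site' });
            }).not.toThrow();
        });
    }
```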
@@ -33,7 +33,10 @@ type ForbiddenHeaders =
 | 'Expect'
 | 'Host'
 | 'Keep-Alive'
- | 'Origin'
+ // Similar to `Accept-Encoding`, we don't have a way to target TypeScript types depending on
+ // which platform you are authoring for. `Origin` is therefore omitted from the forbidden
+ // headers type, but is still a runtime error in dev mode when supplied in a browser context.
+ // | 'Origin'
 | 'Permissions-Policy'
 | 'Referer'
 | 'TE'
@@ -64,7 +67,6 @@ const FORBIDDEN_HEADERS: Record = /* @__PURE__ */ Object.assign
 expect: true,
 host: true,
 'keep-alive': true,
- origin: true,
 'permissions-policy': true,
 // Prefix matching is implemented in code, below.
 // 'proxy-': true,
@@ -77,6 +79,7 @@ const FORBIDDEN_HEADERS: Record = /* @__PURE__ */ Object.assign
 via: true,
 },
 __NODEJS__ ? undefined : { 'accept-encoding': true },
+ __BROWSER__ ? { origin: true } : undefined,
 );

 export function assertIsAllowedHttpRequestHeaders(
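Review bot: The new `__BROWSER__ ? { origin: true } : undefined` source in the third hunk has the opposite polarity of the `__NODEJS__ ? undefined : { 'accept-encoding': true }` line directly above it, so `Accept-Encoding` stays forbidden in React Native while `Origin` becomes allowed there; the changeset says this is deliberate, but at the call site it reads like a typo and the only explanation is the comment on the type some forty lines earlier. A one-line comment on the new entry would stop the two conditionals being "harmonised" later: `// Forbidden only in the browser build (Fetch forbidden request header); unlike Accept-Encoding, Node and React Native may set Origin.` The type comment in the first hunk should also name the build flag it depends on (`__BROWSER__`) rather than "a browser context", and its claim that the rejection is "a runtime error in dev mode" cannot be confirmed from this diff, since `assertIsAllowedHttpRequestHeaders` begins on the hunk's last line and its body lies outside it. Finally, the scheme relies on `Object.assign` skipping `undefined` sources, which is worth a short note on the `Object.assign` line so the `undefined` branches are not mistaken for dead code.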