If understanding Origin isn't part of what a frontend developer needs know, kind of feels like nothing is. You need to understand that part to even know what APIs are available to you, without a "secure origin" you won't have access to cryptography, geolocation and a whole host of other JS APIs, as just one example. Understanding why HTTP requests works against one API but not the other also feels like pretty trivial troubleshooting skills.
I'm not saying people should make hiring decisions based on one question that people may not have in the forefront of their mind, but evaluating if a web backend developer understands HTTP or if a frontend developer understands Origins feels like pretty bare minimum here. If you don't recall 100% of the details, surely you must remember some, or if reminded, some details about it are remembered. Otherwise, maybe you actually have lost the expertise since then? That's a useful signal too.
I'm not saying people should make hiring decisions based on one question that people may not have in the forefront of their mind, but evaluating if a web backend developer understands HTTP or if a frontend developer understands Origins feels like pretty bare minimum here. If you don't recall 100% of the details, surely you must remember some, or if reminded, some details about it are remembered. Otherwise, maybe you actually have lost the expertise since then? That's a useful signal too.