Draft
This page is not complete.
The Sec-Fetch-Site fetch metadata header indicates the relationship between a request initiator's origin and the origin of the resource.
| Header type | Fetch Metadata Request Header |
|---|---|
| Forbidden header name | yes, since it has prefix Sec- |
| CORS-safelisted response header | |
| CORS-safelisted request header |
Syntax
Sec-Fetch-Site: cross-site
Sec-Fetch-Site: same-origin
Sec-Fetch-Site: same-site
Sec-Fetch-Site: none
Values
cross-sitesame-originsame-sitenone- This request does not relate to any context like site, origin, or frame. This can happen when user had initiated this request by, e.g. directly entering a URL in the address bar, opening a bookmark, or dragging-and-dropping a file into the browser window.
Examples
TODO
Specifications
| Specification | Status | Comment |
|---|---|---|
| Fetch Metadata Request Headers The definition of 'Sec-Fetch-Site' in that specification. |
Editor's Draft | Initial definition |
Browser compatibility
BCD tables only load in the browser