Sec-Fetch-Site

Draft

This page is not complete.

The Sec-Fetch-Site fetch metadata header indicates the relationship between a request initiator's origin and the origin of the resource.

Header type Fetch Metadata Request Header
Forbidden header name yes, since it has prefix Sec-
CORS-safelisted response header
CORS-safelisted request header

Syntax

Sec-Fetch-Site: cross-site
Sec-Fetch-Site: same-origin
Sec-Fetch-Site: same-site
Sec-Fetch-Site: none

Values

cross-site
same-origin
same-site
none
This request does not relate to any context like site, origin, or frame. This can happen when user had initiated this request by, e.g. directly entering a URL in the address bar, opening a bookmark, or dragging-and-dropping a file into the browser window.

Examples

TODO

Specifications

Specification Status Comment
Fetch Metadata Request Headers
The definition of 'Sec-Fetch-Site' in that specification.
Editor's Draft Initial definition

Browser compatibility

BCD tables only load in the browser

See also