Sec-Fetch-User

Baseline 2023
Newly available

Since March 2023, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

The HTTP Sec-Fetch-User fetch metadata request header is sent for requests initiated by user activation, and its value is always ?1.

A server can use this header to identify whether a navigation request from a document, iframe, etc., was initiated by the user.

Header type: Fetch Metadata Request Header
Forbidden header name: Yes (Sec- prefix)
CORS-safelisted request header: No

Syntax

Sec-Fetch-User: ?1

Directives

The value will always be ?1. When a request is triggered by something other than a user activation, the spec requires browsers to omit the header completely.

Examples

Using Sec-Fetch-User

If a user clicks on a page link to another page on the same origin, the resulting request would have the following headers:

Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
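
A server-side reading of these headers, as an added example that is not part of the original page: it separates "header present with ?1", "header omitted by a browser that sends fetch metadata", and "no fetch metadata at all" (older clients). The function names and the cross-site policy in allowNavigation are assumptions for illustration; header names are lower-cased as Node's req.headers delivers them.

```javascript
// Added example. classifyActivation and allowNavigation are hypothetical
// helper names; headers is an object with lower-cased header names.

// Returns "user" | "not-user" | "unknown" | "invalid".
function classifyActivation(headers) {
  const user = headers["sec-fetch-user"];
  if (user !== undefined) {
    // The only value a browser sends is the structured-field boolean ?1.
    return String(user).trim() === "?1" ? "user" : "invalid";
  }
  // Header omitted. If other fetch metadata is present, the browser supports
  // it and the request was not triggered by user activation.
  const hasMetadata = ["sec-fetch-site", "sec-fetch-mode", "sec-fetch-dest"]
    .some((name) => headers[name] !== undefined);
  return hasMetadata ? "not-user" : "unknown";
}

// Assumed policy for a route that should only be reached by navigation:
// cross-site navigations are accepted only when user activation is asserted.
function allowNavigation(headers) {
  const activation = classifyActivation(headers);
  if (activation === "unknown") return true;   // no fetch metadata: rely on other checks
  if (activation === "invalid") return false;  // malformed value, not sent by browsers
  if (headers["sec-fetch-mode"] !== "navigate") return false;
  const site = headers["sec-fetch-site"];
  if (site === "same-origin" || site === "none") return true;
  return activation === "user";
}

// Constructed sample requests; the first is the example from this page.
const samples = {
  sameOriginClick: { "sec-fetch-dest": "document", "sec-fetch-mode": "navigate",
                     "sec-fetch-site": "same-origin", "sec-fetch-user": "?1" },
  crossSiteClick:  { "sec-fetch-dest": "document", "sec-fetch-mode": "navigate",
                     "sec-fetch-site": "cross-site", "sec-fetch-user": "?1" },
  crossSiteFrame:  { "sec-fetch-dest": "iframe", "sec-fetch-mode": "navigate",
                     "sec-fetch-site": "cross-site" },
  olderBrowser:    {},
};

for (const [name, headers] of Object.entries(samples)) {
  console.log(name, classifyActivation(headers), allowNavigation(headers));
}
```

Because a client that is not a browser can send any value for this header, the result is a signal about browser-initiated requests, not proof of a human action.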

Specifications

Specification: Fetch Metadata Request Headers (# sec-fetch-user-header)
