Draft
This page is not complete.
The Sec-Fetch-Site fetch metadata header indicates the relationship between a request initiator's origin and the origin of the resource.
| Header type | Fetch Metadata Request Header |
|---|---|
| Forbidden header name | yes, since it has prefix Sec- |
| CORS-safelisted response header | |
| CORS-safelisted request header |
Syntax
Sec-Fetch-Site: cross-site Sec-Fetch-Site: same-origin Sec-Fetch-Site: same-site Sec-Fetch-Site: none
Values
cross-sitesame-originsame-sitenone- This request does not relate to any context like site, origin, or frame. This can happen when user had initiated this request by, e.g. directly entering a URL in the address bar, opening a bookmark, or draging-and-dropping a file into the browser window.
Examples
TODO
Specifications
| Specification | Title |
|---|---|
| Fetch Metadata Request Headers | The Sec-Fetch-Site HTTP Request Header |
Browser compatibility
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Sec-Fetch-Site | Chrome Full support 76 | Edge Full support 79 | Firefox No support No | IE No support No | Opera Full support 63 | Safari No support No | WebView Android Full support 76 | Chrome Android Full support 76 | Firefox Android No support No | Opera Android Full support 54 | Safari iOS No support No | Samsung Internet Android No support No |
Legend
- Full support
- Full support
- No support
- No support
- Experimental. Expect behavior to change in the future.
- Experimental. Expect behavior to change in the future.