Draft
This page is not complete.
The Sec-Fetch-Site
fetch metadata header indicates the relationship between a request initiator's origin and the origin of the resource.
Header type | Fetch Metadata Request Header |
---|---|
Forbidden header name | yes, since it has prefix Sec- |
CORS-safelisted response header | |
CORS-safelisted request header |
Syntax
Sec-Fetch-Site: cross-site Sec-Fetch-Site: same-origin Sec-Fetch-Site: same-site Sec-Fetch-Site: none
Values
cross-site
same-origin
same-site
none
- This request does not relate to any context like site, origin, or frame. This can happen when user had initiated this request by, e.g. directly entering a URL in the address bar, opening a bookmark, or draging-and-dropping a file into the browser window.
Examples
TODO
Specifications
Specification | Title |
---|---|
Fetch Metadata Request Headers | The Sec-Fetch-Site HTTP Request Header |
Browser compatibility
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Sec-Fetch-Site | Chrome Full support 76 | Edge Full support 79 | Firefox No support No | IE No support No | Opera Full support 63 | Safari No support No | WebView Android Full support 76 | Chrome Android Full support 76 | Firefox Android No support No | Opera Android Full support 54 | Safari iOS No support No | Samsung Internet Android No support No |
Legend
- Full support
- Full support
- No support
- No support
- Experimental. Expect behavior to change in the future.
- Experimental. Expect behavior to change in the future.