Sec-Fetch-Site

Draft
This page is not complete.

The Sec-Fetch-Site fetch metadata header indicates the relationship between a request initiator's origin and the origin of the resource.

Header type Fetch Metadata Request Header
Forbidden header name yes, since it has prefix Sec-
CORS-safelisted response header
CORS-safelisted request header

Syntax

Sec-Fetch-Site: cross-site
Sec-Fetch-Site: same-origin
Sec-Fetch-Site: same-site
Sec-Fetch-Site: none

Values

cross-site
same-origin
same-site
none
This request does not relate to any context like site, origin, or frame. This can happen when user had initiated this request by, e.g. directly entering a URL in the address bar, opening a bookmark, or draging-and-dropping a file into the browser window.

Examples

TODO

Specifications

Specification Title
Fetch Metadata Request Headers The Sec-Fetch-Site HTTP Request Header

Browser compatibility

DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Sec-Fetch-Site
Experimental
Chrome Full support 76Edge Full support 79Firefox No support NoIE No support NoOpera Full support 63Safari No support NoWebView Android Full support 76Chrome Android Full support 76Firefox Android No support NoOpera Android Full support 54Safari iOS No support NoSamsung Internet Android No support No

Legend

Full support
Full support
No support
No support
Experimental. Expect behavior to change in the future.
Experimental. Expect behavior to change in the future.

See also