Sec-Fetch-Dest header
Table of Content
The Sec-Fetch-Dest request header is a part of Sec-Fetch metadata headers that are automatically added by the browser. This header indicates the type of the request destination for which the fetched resource will be used. It enables servers to make decisions based on how the user is consuming a resource, providing an additional layer of security.
Syntax
The syntax is as follows:
Sec-Fetch-Dest: typeHere, 'type' is the destination type which will be filled by the browser.
Directives
The directives for the Sec-Fetch-Dest header define the potential values for the 'type' field, which includes: " document ", " audio ", " video ", " embed ", " empty ", " font ", " image ", " manifest ", " object ", " report ", " script ", " serviceworker ", " sharedworker ", " style ", " worker ", " xslt ", and " track ".
Examples
If a request is made to fetch an image, the header will be:
Sec-Fetch-Dest: imageIf a request is made to fetch a document, the header will be:
Sec-Fetch-Dest: documentBrowser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Not Supported |
| Safari | Not Supported |
| Opera | Supported |
| Edge | Supported |
How to modify Sec-Fetch-Dest header
ModHeader is a Chrome extension that allows you to modify your request headers. Here’s how you can use it to modify the Sec-Fetch-Dest header:
- Install and open ModHeader.
- Click on the '+' button to add a new profile.
- In the 'Request Headers' section, fill 'Sec-Fetch-Dest' in the 'Name' field, and the desired value (e.g. 'image') in the 'Value' field.
By modifying the Sec-Fetch-Dest header, we can instruct the server to interpret the fetch request as intended for a particular purpose, thereby testing how the server responds to different types of request destinations.