Sec-Fetch-Site Header

Table of Content

The Sec-Fetch-Site header is a feature in the Fetch Metadata Request Headers. It provides a request context that describes the relationship between the resource request initiater and the target website. This information is usually used to make decisions in different web security contexts. For instance, it aids in identifying data breaches or recognizing cross-origin requests.


Sec-Fetch-Site: cross-site | same-origin | same-site | none 


cross-site: This value specifies that the request came from a different site or origin.

same-origin: This indicates the request originated from the same site.

same-site: This implies that the request is from the same site but not necessarily the same origin.

none: This indicates that the request was made in the context of the user navigating the browser.


A typical usage of the header might look like this:

GET /resource.jpg HTTP/1.1
Sec-Fetch-Site: cross-site

This shows a request being made from a different site.

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Not Supported
Safari Not Supported
Opera Supported
Edge Supported

How to modify Sec-Fetch-Site header

ModHeader is a Chrome extension for modifying HTTP request headers. Using ModHeader to modify the Sec-Fetch-Site header is relatively simple.

First, install the ModHeader extension from the Chrome Web Store.

Next, open up the extension, hit the add button 'plus' sign, input Sec-Fetch-Site in the 'Header Name' field and one of cross-site, same-origin, same-site, or none in the 'Header Value' field.

Modifying this header can be useful in testing server responses to different types of resource requests - it could be part of your testing regimen for enhancing your site's security mechanisms.