Sec-Fetch-Site Header

The Sec-Fetch-Site header is one of the Fetch Metadata Request Headers. It gives the server request context: the relationship between the initiator of a resource request and the target website. This information is usually used to make decisions in different web security contexts. For instance, it aids in identifying data breaches or recognizing cross-origin requests.

Syntax

Sec-Fetch-Site: cross-site | same-origin | same-site | none 

Directives

cross-site: This value specifies that the request came from a different site or origin.

same-origin: This indicates the request originated from the same site.

same-site: This implies that the request is from the same site but not necessarily the same origin.

none: This indicates that the request was made in the context of the user navigating the browser.

Examples

A typical usage of the header might look like this:

GET /resource.jpg HTTP/1.1
Host: example.com
Sec-Fetch-Site: cross-site

This shows a request being made from a different site.

Browser Compatibility

Browser    Compatibility
Chrome     Supported
Firefox    Not Supported
Safari     Not Supported
Opera      Supported
Edge       Supported

How to modify Sec-Fetch-Site header

ModHeader is a Chrome extension for modifying HTTP request headers. Using ModHeader to modify the Sec-Fetch-Site header is relatively simple.

First, install the ModHeader extension from the Chrome Web Store.

Next, open the extension, click the add ('plus') button, enter Sec-Fetch-Site in the 'Header Name' field, and enter one of cross-site, same-origin, same-site, or none in the 'Header Value' field.

Modifying this header can be useful in testing server responses to different types of resource requests - it could be part of your testing regimen for enhancing your site's security mechanisms.
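
One way a server could act on this header, and the kind of decision the testing above exercises, is sketched below. This is an added example, not code from the original page. The decide function, the CROSS_SITE_PATHS list and the sample requests are assumptions constructed for illustration.

```python
"""Added example: allow or reject a request based on Sec-Fetch-Site."""

ALLOWED_VALUES = {"cross-site", "same-origin", "same-site", "none"}
SAFE_METHODS = {"GET", "HEAD"}
# Hypothetical paths this site intends other sites to embed or link to.
CROSS_SITE_PATHS = ("/public/", "/resource.jpg")


def decide(method, path, headers):
    """Return (allowed, reason) for one request; header names are case-insensitive."""
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get("sec-fetch-site")
    if value is None:
        # Browsers without support never send the header, so its absence
        # cannot be treated as hostile; other defences must cover this case.
        return True, "header absent"
    value = value.strip()
    if value not in ALLOWED_VALUES:
        # Not one of the four values in the syntax: reject rather than guess.
        return False, "unrecognised value"
    if value != "cross-site":
        # same-origin, same-site and none (user navigation) are served.
        return True, value
    # cross-site: only safe reads of resources meant to be shared.
    if method.upper() in SAFE_METHODS and path.startswith(CROSS_SITE_PATHS):
        return True, "cross-site read of shared resource"
    return False, "cross-site request blocked"


# Constructed sample requests: (method, path, request headers).
SAMPLE_REQUESTS = [
    ("GET", "/resource.jpg", {"Host": "example.com", "Sec-Fetch-Site": "cross-site"}),
    ("POST", "/account/email", {"Host": "example.com", "Sec-Fetch-Site": "cross-site"}),
    ("POST", "/account/email", {"Host": "example.com", "Sec-Fetch-Site": "same-origin"}),
    ("GET", "/account", {"Host": "example.com", "Sec-Fetch-Site": "none"}),
    ("POST", "/account/email", {"Host": "example.com"}),
    ("GET", "/account", {"Host": "example.com", "sec-fetch-site": "cross-origin"}),
]

if __name__ == "__main__":
    for method, path, headers in SAMPLE_REQUESTS:
        allowed, reason = decide(method, path, headers)
        print(f"{method:4} {path:15} -> {'allow' if allowed else 'deny'} ({reason})")
```

An extension such as ModHeader or any non-browser client can send whatever value it likes, so a check like this protects a user's browser session from requests started by other sites; it does not authenticate the client.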