Sec-Fetch-User Header

Table of Content

The Sec-Fetch-User header is a part of the Fetch Metadata Request Headers, used for providing information about how the request was initialized by the user. This header can greatly assist in securing applications by helping them understand the context from which HTTP requests originate and allow them to make informed decisions on applying security policies.


The syntax of the Sec-Fetch-User header is straight-forward. It only has two possible values: ?0 and ?1.

Sec-Fetch-User: ?0
Sec-Fetch-User: ?1


Sec-Fetch-User header has two directives:

  • ?0 Indicates that the request wasn’t triggered by user activation.
  • ?1 Indicates that the request was triggered by a user activation.


In the case where a resource was initiated as a part of the page navigation or the user initiated a resource fetch, the Sec-Fetch-User header would be set to ?1.

GET /page.html HTTP/1.1
Sec-Fetch-User: ?1

In other cases, such as when a resource is fetched by a service worker script, the Sec-Fetch-User header would be set to ?0.

GET /style.css HTTP/1.1
Sec-Fetch-User: ?0

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Not Supported
Safari Not Supported
Opera Supported
Edge Supported

How to modify Sec-Fetch-User header

ModHeader is a Chrome extension that allows you to modify HTTP request headers, making it a powerful tool during the development and debugging process.

To modify the Sec-Fetch-User header:

  1. Install the ModHeader extension from the Chrome Web Store.
  2. After installation, click on the ModHeader icon to bring up the extension interface.
  3. In the 'Request Headers' section, click on 'Add'.
  4. In the 'Name' field, type Sec-Fetch-User.
  5. In the 'Value' field, type the value you want to use, for instance, ?1.

Setting this value can help you to observe how your server reacts to different fetch scenarios and tweak your security policy accordingly.