Sec-Fetch-User Header
Table of Content
The Sec-Fetch-User header is a part of the Fetch Metadata Request Headers, used for providing information about how the request was initialized by the user. This header can greatly assist in securing applications by helping them understand the context from which HTTP requests originate and allow them to make informed decisions on applying security policies.
Syntax
The syntax of the Sec-Fetch-User header is straight-forward. It only has two possible values: ?0 and ?1.
Sec-Fetch-User: ?0
Sec-Fetch-User: ?1Directives
Sec-Fetch-User header has two directives:
?0Indicates that the request wasn’t triggered by user activation.?1Indicates that the request was triggered by a user activation.
Examples
In the case where a resource was initiated as a part of the page navigation or the user initiated a resource fetch, the Sec-Fetch-User header would be set to ?1.
GET /page.html HTTP/1.1
Sec-Fetch-User: ?1In other cases, such as when a resource is fetched by a service worker script, the Sec-Fetch-User header would be set to ?0.
GET /style.css HTTP/1.1
Sec-Fetch-User: ?0Browser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Not Supported |
| Safari | Not Supported |
| Opera | Supported |
| Edge | Supported |
How to modify Sec-Fetch-User header
ModHeader is a Chrome extension that allows you to modify HTTP request headers, making it a powerful tool during the development and debugging process.
To modify the Sec-Fetch-User header:
- Install the ModHeader extension from the Chrome Web Store.
- After installation, click on the ModHeader icon to bring up the extension interface.
- In the 'Request Headers' section, click on 'Add'.
- In the 'Name' field, type
Sec-Fetch-User. - In the 'Value' field, type the value you want to use, for instance,
?1.
Setting this value can help you to observe how your server reacts to different fetch scenarios and tweak your security policy accordingly.