Sec-Fetch-User

Baseline 2023

Newly available

Since March 2023, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

The HTTP Sec-Fetch-User fetch metadata request header is sent for requests initiated by user activation, and its value is always ?1.

A server can use this header to identify whether a navigation request from a document, iframe, etc., was originated by the user.

Header type Fetch Metadata Request Header
Forbidden header name Yes (Sec- prefix)
CORS-safelisted request header No

Syntax

http
Sec-Fetch-User: ?1

Directives

The value will always be ?1. When a request is triggered by something other than a user activation, the spec requires browsers to omit the header completely.

Examples

Using Sec-Fetch-User

If a user clicks on a page link to another page on the same origin, the resulting request would have the following headers:

http
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

Specifications

Specification
Fetch Metadata Request Headers
# sec-fetch-user-header

Browser compatibility

BCD tables only load in the browser

See also