Sec-Fetch-User

The Sec-Fetch-User fetch metadata request header is only sent for requests initiated by user activation, and its value will always be ?1.

A server can use this header to identify whether a navigation request from a document, iframe, etc., was originated by the user.

Header type	Fetch Metadata Request Header
Forbidden header name	yes (prefix `Sec-`)
CORS-safelisted request header	no

Syntax

Sec-Fetch-User: ?1

Directives

The value will always be ?1. When a request is triggered by something other than a user activation, the spec requires browsers to omit the header completely.

Examples

If a user clicks on a page link to another page on the same origin, the resulting request would have the following headers:

Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

Specifications

Specification
Fetch Metadata Request Headers (Fetch Metadata) # sec-fetch-user-header

Browser compatibility

Report problems with this compatibility data on GitHub

	desktop						mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	WebView Android	Chrome Android	Firefox for Android	Opera Android	Safari on iOS	Samsung Internet
`Sec-Fetch-User`	ChromeFull support76	EdgeFull support79	FirefoxFull support90	Internet ExplorerNo supportNo	OperaFull support63	SafariNo supportNo	WebView AndroidFull support76	Chrome AndroidFull support76	Firefox for AndroidFull support90	Opera AndroidFull support54	Safari on iOSNo supportNo	Samsung InternetNo supportNo

Legend

Full supportFull support

No supportNo support

archive.today webpage capture	Saved from		12 Jul 2021 16:02:32 UTC
	All snapshots	from host developer.mozilla.org
Webpage Screenshot
		share download .zip report bug or abuse Buy me a coffee

Sec-Fetch-User - HTTP | MDN