Sec-Fetch-Dest header

Baseline 2023 *
Newly available

Since March 2023, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

* Some parts of this feature may have varying levels of support.

The HTTP Sec-Fetch-Dest fetch metadata request header indicates the request's destination. That is the initiator of the original fetch request, which is where (and how) the fetched data will be used.

This allows servers to determine whether to service a request based on whether it is appropriate for how it is expected to be used. For example, a request with an audio destination should request audio data, not some other type of resource (for example, a document that includes sensitive user information).

Header type Fetch Metadata Request Header
Forbidden request header Yes (Sec- prefix)
CORS-safelisted request header No

Syntax

http
Sec-Fetch-Dest: audio
Sec-Fetch-Dest: audioworklet
Sec-Fetch-Dest: document
Sec-Fetch-Dest: embed
Sec-Fetch-Dest: empty
Sec-Fetch-Dest: fencedframe
Sec-Fetch-Dest: font
Sec-Fetch-Dest: frame
Sec-Fetch-Dest: iframe
Sec-Fetch-Dest: image
Sec-Fetch-Dest: manifest
Sec-Fetch-Dest: object
Sec-Fetch-Dest: paintworklet
Sec-Fetch-Dest: report
Sec-Fetch-Dest: script
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Dest: style
Sec-Fetch-Dest: track
Sec-Fetch-Dest: video
Sec-Fetch-Dest: webidentity
Sec-Fetch-Dest: worker
Sec-Fetch-Dest: xslt

Servers should ignore this header if it contains any other value.

Directives

Note: These directives correspond to the values returned by Request.destination.

audio

The destination is audio data. This might originate from an HTML tag.

audioworklet

The destination is data being fetched for use by an audio worklet. This might originate from a call to audioWorklet.addModule().

document

The destination is a document (HTML or XML), and the request is the result of a user-initiated top-level navigation (e.g., resulting from a user clicking a link).

embed

The destination is embedded content. This might originate from an HTML tag.

empty

The destination is the empty string. This is used for destinations that do not have their own value. For example: fetch(), navigator.sendBeacon(), EventSource, XMLHttpRequest, WebSocket, etc.

fencedframe Experimental

The destination is a fenced frame.

font

The destination is a font. This might originate from CSS @font-face.

frame

The destination is a frame. This might originate from an HTML tag.

iframe

The destination is an iframe. This might originate from an HTML