The HTTP Sec-Fetch-Site header is used to identify the relationship between the requestor’s origin and the resource’s origin. This is important for identifying cross-origin HTTP requests and handling them appropriately.
If the server opts to reject the HTTP request based on this header, it returns the HTTP 403 Forbidden status by default.
The directives are cross-site, same-site, same-origin, and none.
The cross-site directive implies that the requestor and server have different sites.
The same-site directive implies that they are co-hosted in the domain and/or subdomain, although they do not have to be hosted on the same port.
The same-origin directive is used when the two endpoints have the same origin, which is the scheme, host, and port.
Finally, the none directive means that it is a user-originated operation, such as typing a URL into the address bar or navigating by using a bookmark on the client’s browser.
The HTTP Sec-Fetch-Site request header is used to inform the server concerning the relationship between the requestor’s site and the target resource’s site.
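A server-side check built on the four directives and the 403 Forbidden default described above, as an added example that is not code from the original page. The names FetchSiteGuard, is_allowed, demo_app and status_for are hypothetical, and the policy (allow same-origin, same-site and none; allow requests that carry no header; reject everything else) is an assumption.

```python
# Added example: hypothetical WSGI guard, not code from the original page.
from wsgiref.util import setup_testing_defaults

# Assumed policy: drop "same-site" here if sibling subdomains are untrusted.
ALLOWED_SITES = {"same-origin", "same-site", "none"}


def is_allowed(sec_fetch_site):
    """Decide whether a request with this Sec-Fetch-Site value may proceed."""
    if sec_fetch_site is None:
        # Header absent: the client sent no Sec-Fetch-Site at all.
        # Assumed policy: let it through and rely on other checks.
        return True
    # "cross-site" and any unrecognised value are both rejected.
    return sec_fetch_site.strip() in ALLOWED_SITES


class FetchSiteGuard:
    """WSGI middleware that answers 403 Forbidden for disallowed requests."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if is_allowed(environ.get("HTTP_SEC_FETCH_SITE")):
            return self.app(environ, start_response)
        body = b"Forbidden\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]


def demo_app(environ, start_response):
    """Hypothetical protected application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(sec_fetch_site):
    """Send one constructed request through the guard; return its status."""
    environ = {}
    setup_testing_defaults(environ)
    if sec_fetch_site is not None:
        environ["HTTP_SEC_FETCH_SITE"] = sec_fetch_site
    seen = []
    FetchSiteGuard(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Wrapping an application as FetchSiteGuard(app) applies the check to every request before the application sees it.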