🎉 Requestly joins BrowserStack to build the future of application testing. Read more

HTTP Headers

Sec Fetch User

HTTP Header

The HTTP Sec-Fetch-User fetch metadata request header is sent for requests initiated by user activation, and its value is always ?1.

A server can use this header to determine whether a navigation request from a document, iframe, or similar element was triggered by the user.

Syntax

Syntax

http
Sec-Fetch-User: ?1

Directives

The value is always ?1. When a request is initiated by a source other than a user activation, browsers are required to omit this header entirely.

Example

If a user clicks on a page link to another page on the same origin, the resulting request would have the following headers:

http
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

How to Modify Header using Requestly

Requestly is a powerful Chrome extension that allows you to modify HTTP headers, including the Sec-Fetch-User header. This is especially useful for testing how your application behaves with different browsing contexts or user interactions during development or debugging. Steps to Modify the Sec-Fetch-User Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter Sec-Fetch-User.
    • In the “Header Value” field, enter your desired value (e.g., ?1).
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-api.com/*).
  5. Save the rule.

Once set up, Requestly will inject the Sec-Fetch-User: ?1 header into all matching requests, allowing you to simulate different user navigation contexts and test how your server or application responds to them. Modifying the Sec-Fetch-User header is helpful because this header signals if a request was triggered by user navigation. Changing it lets developers test how their site behaves under different navigation scenarios or prevent certain requests from being treated as user-initiated, which can affect security or content loading behavior.