Sec-Purpose header
Limited availability
This feature is not Baseline because it does not work in some of the most widely-used browsers.
The HTTPSec-Purposefetch metadata request header indicates the purpose for which the requested resource will be used, when that purpose is something other than immediate use by the user-agent.
The only purpose that is currently defined isprefetch, which indicates that the resource is being requested in anticipation that it will be needed by a page that is likely to be navigated to in the near future, such as a page linked in search results or a link that a user has hovered over.The server can use this knowledge to: adjust the caching expiry for the request, disallow the request, or perhaps to treat it differently when counting page visits.
The header is sent when a page is loaded that has a<link> element with attributerel="prefetch".Note that if this header is set then aSec-Fetch-Dest header in the request must be set toempty (any value in the<link> attributeas is ignored) and theAccept header should match the value used for normal navigation requests.
| Header type | Fetch Metadata Request Header |
|---|---|
| Forbidden request header | Yes (Sec- prefix) |
| CORS-safelisted request header | No |
Syntax
Sec-Purpose: prefetchDirectives
The allowed tokens are:
prefetchThe purpose is to prefetch a resource that may be needed in a probable future navigation.
Examples
A prefetch request
Consider the case where a browser loads a file with a<link> element that has the attributerel="prefetch" and anhref attribute containing the address of an image file.The resultingfetch() should result in an HTTP request whereSec-Purpose: prefetch,Sec-Fetch-Dest: empty, and anAccept value that is the same as the browser uses for page navigation.
An example of such a header (on Firefox) is given below:
GET /images/some_image.png HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-Purpose: prefetchConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: no-corsSec-Fetch-Site: same-originPragma: no-cacheCache-Control: no-cacheNote:At time of writing Firefox incorrectly sets theAccept header asAccept: */* for prefetches.The example has been modified to show what theAccept value should be.This issue can be tracked inFirefox bug 1836334.
Specifications
| Specification |
|---|
| Fetch # sec-purpose-header |
| Prefetch # sec-purpose-header |
Browser compatibility
See also
Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,Sec-Fetch-Userfetch metadata request headers- Prefetch (Glossary)
<link>element with attributerel="prefetch"