# Firefox 90, Fetch Metadata Request Headers 지원

> Clean Markdown view of GeekNews topic #4601. Use the original source for factual precision when an external source URL is present.

## Metadata

- GeekNews HTML: [https://news.hada.io/topic?id=4601](https://news.hada.io/topic?id=4601)
- GeekNews Markdown: [https://news.hada.io/topic/4601.md](https://news.hada.io/topic/4601.md)
- Type: news
- Author: [xguru](https://news.hada.io/@xguru)
- Published: 2021-07-13T09:32:41+09:00
- Updated: 2021-07-13T09:32:41+09:00
- Original source: [blog.mozilla.org](https://blog.mozilla.org/security/2021/07/12/firefox-90-supports-fetch-metadata-request-headers/)
- Points: 7
- Comments: 1

## Topic Body

- 웹 어플리케이션들이 CSRF, XS-Leaks, Spectre 등의 크로스 사이트 공격으로부터 자신을 보호 가능

- Sec-Fetch-* 로 시작하는 Fetch Metadata 헤더를 기본 전송해서 서버측에서 요청들을 구분

ㅤ→ Sec-Fetch-Site : same-origin, same-site, cross-site, none

ㅤ→ Sec-Fetch-Mode : cors, navigate, no-cors, same-origin, websocket

ㅤ→ Sec-Fetch-User : ?0 또는 ?1

ㅤ→ Sec-Fetch-Dest : audio, audioworklet, document, embed, empty, font, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt

* CSRF : Cross-Site Request Forgery

* XS-Leaks : Cross-Site Leaks

* Spectre : Speculative Cross-site Execution Side Channel

## Comments



### Comment 5674

- Author: xguru
- Created: 2021-07-13T09:32:54+09:00
- Points: 2

Fetch Metadata Request Headers 는 W3C Working Draft 단계입니다

- https://www.w3.org/TR/fetch-metadata/

- Protect your resources from web attacks with Fetch Metadata https://web.dev/fetch-metadata/

크롬 및 크로미엄 기반 브라우저들은 76버전 부터 데스크탑/안드로이드/웹뷰 까지 모두 지원 합니다.

- https://www.chromestatus.com/feature/5155867204780032

IE(6~11) 랑 Safari(맥/iOS) 빼면 대부분 적용 가능합니다.

- https://caniuse.com/?search=sec-fetch