Sec-Purpose

The Sec-Purpose fetch metadata request header indicates the purpose for which the requested resource will be used, when that purpose is something other than immediate use by the user-agent.

The only purpose that is currently defined is prefetch , which indicates that the resource is being requested in anticipation that it will be needed by a page that is likely to be navigated to in the near future, such as a page linked in search results or a link that a user has hovered over. The server can use this knowledge to: adjust the caching expiry for the request, disallow the request, or perhaps to treat it differently when counting page visits.

The header is sent when a page is loaded that has a <link> element with attribute rel="prefetch" . Note that if this header is set then a Sec-Fetch-Dest header in the request must be set to empty (any value in the <link> attribute as is ignored) and the Accept header should match the value used for normal navigation requests.

Header type Fetch Metadata Request Header
Forbidden header name yes (prefix Sec- )
CORS-safelisted request header no

Syntax

http 
Sec-Purpose
:
 prefetch

Directives

The allowed tokens are:

prefetch

The purpose is to prefetch a resource that may be needed in a probable future navigation.

Examples

A prefetch request

Consider the case where a browser loads a file with a <link> element that has the attribute rel="prefetch" and an href attribute containing the address of an image file. The resulting fetch() should result in an HTTP request where Sec-Purpose: prefetch , Sec-Fetch-Dest: empty , and an Accept value that is the same as the browser uses for page navigation.

An example of such a header (on Firefox) is given below:

http 
GET
 /
images
/
some_image.png
 HTTP/1.1

Host
:
 example.com

User-Agent
:
 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0

Accept
:
 text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language
:
 en-US,en;q=0.5

Accept-Encoding
:
 gzip, deflate, br

Sec-Purpose
:
 prefetch

Connection
:
 keep-alive

Sec-Fetch-Dest
:
 empty

Sec-Fetch-Mode
:
 no-cors

Sec-Fetch-Site
:
 same-origin

Pragma
:
 no-cache

Cache-Control
:
 no-cache

Note: At time of writing FireFox incorrectly sets the Accept header as Accept: */* for prefetches. The example has been modified to show what the Accept value should be. This issue can be tracked in Firefox bug 1836334 .

Specifications

Specification
Fetch Standard
# sec-purpose-header
Prefetch
# sec-purpose-header

Browser compatibility

BCD tables only load in the browser

See also