About

A request is:

• same-site if its target's URI's origin's registrable domain is an exact match for the request's initiator's (the parent or referer))
• and cross-site otherwise.

In security terms, it's known as first-party context.

Example

• login.example.com and blog.example.com will trigger same-site request because they share the same domain.