Table of Contents
What is a HTTP Same-Site Request?
About
A
request
is:
same-site
if its target's
URI
's origin's
registrable domain
is an exact match for the request's initiator's (the parent or
referer
))
and
cross-site
otherwise.
In security terms, it's known as
first-party context
.
Example
login.example.com
and
blog.example.com
will trigger
same-site
request because they share the same domain.