About
A request is:
- same-site if its target's URI's origin's registrable domain is an exact match for the request's initiator's (the parent or referer))
- and cross-site otherwise.
In security terms, it's known as first-party context.
Example
- login.example.com and blog.example.com will trigger same-site request because they share the same domain.