TYPO3 Core

Example headers:

• HTTP fetch
  • HTTP_SEC_FETCH_DEST: "empty"
  • HTTP_SEC_FETCH_MODE: "cors"
  • HTTP_SEC_FETCH_SITE: "same-origin"

• IFRAME fetch
  • HTTP_SEC_FETCH_DEST: "iframe"
  • HTTP_SEC_FETCH_MODE: "navigate"
  • HTTP_SEC_FETCH_SITE: "cross-site"

Resources:

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode

Integrate RequestPolicy and FetchPolicy

$requestPolicy = (new RequestPolicy())
  ->withFetchPolicy((new FetchPolicy())
    ->withAllowedAbsence(bool)
    ->withFetchDest(string[])
    ->withFetchSite(string[])
    ->withFetchUser(string[])
    ->withFetchMode(string[])
  );