Firefox now supports Fetch Metadata request headers, Mozilla has announced, further protecting users from a number of high-impact web attacks.The new version of the popular browser,is the latest to include the Google-developed privacy feature.
Firefox 90 will feature four different headers Dest, Mode, Site, and User which together allow web applications to protect users against various cross-origin threats, including cross-site request forgery (CSRF), cross-site leaks (XS-Leaks), and Spectre-style side-channel attacks.
The headers provide web servers with extra security information that can help determine whether to block or allow requests.They also allow a user to deploy a Resource Isolation Policy, a strong defense-in-depth mechanism.
This not only helps protect users from the potentially harmful attacks , but also help web servers to differentiate between cross-site and same-origin requests.
Fetch Metadata request headers are already available for Chrome, Edge and Opera, which are also based on the open source Chromium framework.