Sec-Fetch-Mode: cors
Sec-Fetch-Mode: navigate
Sec-Fetch-Mode: no-cors
Sec-Fetch-Mode: same-origin
Sec-Fetch-Mode: websocket

Servers should ignore this header if it contains any other value.

cors

The request is a CORS protocol request.

navigate

The request is initiated by navigation between HTML documents.

no-cors

The request is a no-cors request (see Request.mode).

same-origin

The request is made from the same origin as the resource that is being requested.

websocket

The request is being made to establish a WebSocket connection.

If a user clicks on a page link to another page on the same origin, the resulting request would have the following headers (note that the mode is navigate):

Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

A cross-site request generated by an <img> element would result in a request with the following HTTP request headers (note that the mode is no-cors):

Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

• Related headers
  • Sec-Fetch-Dest
  • Sec-Fetch-Site
  • Sec-Fetch-User
• Protect your resources from web attacks with Fetch Metadata (web.dev)
• Fetch Metadata Request Headers playground (secmetadata.appspot.com)