files/en-us/web/http/reference/headers/sec-fetch-storage-access/index.md
The HTTP Sec-Fetch-Storage-Access {{Glossary("fetch metadata request header")}} provides the "storage access status" for the current fetch context.
The status can indicate that permission to access unpartitioned third-party cookies:
Supporting browsers must include this header on cross-site requests when the request credential mode is include.
The header should not be sent with same-site requests (since those requests cannot involve cross-site cookies), or if the request's credentials mode is "omit".
The requested resource must also have a potentially trustworthy origin.
If a storage access permission has been granted but not activated, a server can respond with {{httpheader("Activate-Storage-Access")}} to request activation of the permission for the context. For more information see Storage access headers in the Storage Access API overview.
<table class="properties"> <tbody> <tr> <th scope="row">Header type</th> <td>{{Glossary("Fetch Metadata Request Header")}}</td> </tr> <tr> <th scope="row">{{Glossary("Forbidden request header")}}</th> <td>Yes (<code>Sec-</code> prefix)</td> </tr> <tr> <th scope="row"> {{Glossary("CORS-safelisted request header")}} </th> <td>No</td> </tr> </tbody> </table>Sec-Fetch-Storage-Access: none
Sec-Fetch-Storage-Access: inactive
Sec-Fetch-Storage-Access: active
A value indicating the storage access status for the current fetch context. The following values are allowed (servers should ignore other values):
none
storage-access permission or access to unpartitioned cookies.inactive
storage-access permission, but has not opted into using it (and does not have unpartitioned cookie access through other means).
If this value is set, then the {{httpheader("Origin")}} request header should also be set.active
See Examples in {{httpheader("Activate-Storage-Access")}}.
{{Specifications}}
{{Compat}}