Sec-Fetch-* headers

[iczero]

Hello,

I was curious about how this extension performed network requests. According to Firefox devtools, network requests are sent with:

Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Sec-Fetch-Site: same-origin

whereas "normal" cross-origin navigate is sent with:

Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Sec-Fetch-Site: cross-origin

The purpose of these headers appears to be to indicate how the request was performed (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode). Ad networks may filter "fraud" requests using these headers, as "cors" (for example) is not expected for ad clicks.

I believe Sec-* headers are considered "restricted" and cannot be set by standard fetch, but I am not sure if they are allowed to be set by extensions. Is it possible to spoof these headers as well? It may increase the effectiveness of ad "clicking".