diff --git a/snappymail/v/0.0.0/app/handle.php b/snappymail/v/0.0.0/app/handle.php
index b83333eb5..cbb54652c 100644
--- a/snappymail/v/0.0.0/app/handle.php
+++ b/snappymail/v/0.0.0/app/handle.php
@@ -28,9 +28,8 @@ if (!\defined('RAINLOOP_APP_LIBRARIES_PATH'))
 if (\class_exists('RainLoop\Api')) {
-	if (!\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
-		\http_response_code(403);
-		\header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden', true, 403);
+	if (!\SnappyMail\HTTP\SecFetch::isEntering() && !\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
+		\MailSo\Base\Http::StatusHeader(403);
 		exit('Disallowed Sec-Fetch-Site: ' . ($_SERVER['HTTP_SEC_FETCH_SITE'] ?? ''));
 	}
diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/http/secfetch.php b/snappymail/v/0.0.0/app/libraries/snappymail/http/secfetch.php
index 50c5d8340..7be575984 100644
--- a/snappymail/v/0.0.0/app/libraries/snappymail/http/secfetch.php
+++ b/snappymail/v/0.0.0/app/libraries/snappymail/http/secfetch.php
@@ -93,30 +93,22 @@ abstract class SecFetch
 		return '?1' === ($_SERVER['HTTP_SEC_FETCH_USER'] ?? '');
 	}
-	public static function isSameOrigin() : bool
+	public static function isEntering() : bool
 	{
 		if (!isset($_SERVER['HTTP_SEC_FETCH_SITE'])) {
 			return true;
 		}
-		if (static::user()) {
-			return static::dest('document')
-				&& static::mode('navigate')
-				&& 'GET' === $_SERVER['REQUEST_METHOD'];
-		}
+		return static::user()
+			&& static::dest('document')
+			&& static::mode('navigate')
+			&& 'GET' === $_SERVER['REQUEST_METHOD'];
+	}
-	/**
-
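Review bot: The new guard `!isEntering() && !isSameOrigin()` in handle.php lets any cross-site request through when it is a user-activated top-level GET navigation — and, per `isEntering()` in the secfetch.php hunk, also whenever `Sec-Fetch-Site` is absent — so `isSameOrigin()` is never consulted for those requests and the 403 no longer shields any action that can be triggered by a plain GET from a link on another site. The exemption is reasonable for entering the app, but it is worth confirming that every state-changing handler reached from this entry point rejects GET or carries its own same-origin/token check, and that `\MailSo\Base\Http::StatusHeader(403)` still emits the status line the two removed calls did. A comment on the `if` would make the intent reviewable: `// A user-initiated top-level GET navigation (e.g. following a link) may enter the app; every other request must be same-origin.` The enclosing `if (\class_exists('RainLoop\Api'))` block continues past the hunk.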