diff --git a/fetch.bs b/fetch.bs
index 3b18c5a7..8abe2de7 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -3133,6 +3133,32 @@ or an <a>implementation-defined</a> value.
 </div>
 
 
+<h3 id=storage-keys-for-requests>Storage keys for requests</h3>
+
+<p class=note>Requests made to Blob URLs (other than those corresponding to navigations) are
+prevented from succeeding if the <a spec=storage>storage key</a> of the
+<a>environment settings object</a> making the request is different than the
+<a spec=storage>storage key</a> of the <a>environment settings object</a> corresponding to where
+the Blob URL was created.
+
+<div algorithm>
+<p>To <dfn for=request>determine the storage key</dfn>, given a <a for=/>request</a>
+<var>request</var>:
+
+<ol>
+ <li><p>If <var>request</var>'s <a for=request>reserved client</a> is non-null, then return the
+ result of running <a for=/>obtain a storage key for non-storage purposes</a> given
+ <var>request</var>'s <a for=request>reserved client</a>.
+
+ <li><p>If <var>request</var>'s <a for=request>client</a> is non-null, then return the result of
+ running <a for=/>obtain a storage key for non-storage purposes</a> given <var>request</var>'s
+ <a for=request>client</a>.
+
+ <li><p>Return null.
+</ol>
+</div>
+
+
 <h3 id=http-cache-partitions>HTTP cache partitions</h3>
 
 <div algorithm>
@@ -4978,6 +5004,29 @@ steps:
       <p class=note>The `<code>GET</code>` <a for=/>method</a> restriction serves no useful purpose
       other than being interoperable.
 
+     <li>
+      <p>Let <var>blobStorageKey</var> be the result of running
+      <a>obtain a storage key for non-storage purposes</a> with <var>blobURLEntry</var>'s
+      <a>environment settings object</a>.
+
+     <li>
+      <p>Let <var>requestStorageKey</var> be the result of
+      <a for=request>determining the storage key</a> given <var>request</var>.
+
+     <li>
+      <p>If all of the following conditions are true:
+
+      <ul class=brief>
+       <li><p><var>request</var>'s <a for=request>mode</a> is not "<code>navigate</code>"
+
+       <li><p><var>requestStorageKey</var> is non-null
+
+       <li><p><var>requestStorageKey</var> does not <a for="storage key">equal</a>
+       <var>blobStorageKey</var>
+      </ul>
+
+      <p>then return a <a>network error</a>.
+
      <li><p>Let <var>blob</var> be <var>blobURLEntry</var>'s <a for="blob URL entry">object</a>.
 
      <li><p>Let <var>response</var> be a new <a for=/>response</a>.
@@ -9042,6 +9091,7 @@ Alexey Proskuryakov,
 Andreas Kling,
 Andrés Gutiérrez,
 Andrew Sutherland,
+Andrew Williams,<!-- recvfrom; GitHub -->
 Ángel González,
 Anssi Kostiainen,
 Arkadiusz Michalski,
