Client Hints Infrastructure

Draft Community Group Report,

This version:
https://wicg.github.io/client-hints-infrastructure
Issue Tracking:
GitHub
Inline In Spec
Editor:
Yoav Weiss (Google)

Abstract

Specification of the Client Hints infrastructure and its integration with Fetch and HTML

Status of this document

This specification was published by the Web Platform Incubator Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

1. Introduction

Client Hints is collection of HTTP and user-agent features that enables privacy-preserving, proactive content negotiation with an explicit third-party delegation mechanism:

The goal of Client Hints is to reduce passive fingerprinting on the web while enabling scalable and privacy preserving content adaptation between client and server, via a standardized set of content negotiation primitives at the HTTP and user agent levels.

2. Infrastructure definition

The specification of the Client Hints infrastructure is divided between the following specifications and proposals:

3. Environment settings object processing

3.1. Client hints set

A client hints set is a set of client hints tokens.

3.2. Accept-CH cache

An Accept-CH cache is owned by the user agent and is an ordered map, keyed on origin (an origin), with a value of client hints set (a client hints set).

The Accept-CH cache can effectively act as an alternative cookie store, since sites can use each of the hints as a bit set on the client, and that information will be communicated to them on every request. As such, a user agent MUST evict that cache whenever the user clears their cookies or when session cookies expire.

To add a new Accept-CH cache entry to the Accept-CH cache, given an origin origin and a client hints set client hints set, set Accept-CH cache[origin] to client hints set.

To retrieve the client hints set given an origin:

  1. Let clientHintsSet be an empty ordered set.

  2. Let originMatchingEntries be the entries in the Accept-CH cache whose origin is same origin with origin.

  3. For each entry in originMatchingEntries, for each token in its client hints set, append the token to clientHintsSet.

  4. Return clientHintsSet.

3.3. Initialize Client Hints set

When asked to initialize the Client Hints set with settingsObject and response as inputs, run the following steps:
  1. Let clientHintsSet be the result of running retrieve the client hints set with settingsObject’s origin.

  2. For each hint in clientHintsSet, append hint to settingsObject’s client hints set.

  3. If the result of executing Is an environment settings object contextually secure? on settingsObject is "Not Secure", abort these steps.

  4. Let browsingContext be settingsObject’s responsible browsing context.

  5. If the top-level browsing context does not equal browsingContext, abort these steps.

  6. If response’s Accept-CH header is present, parse the header field value according to the Accept-CH header parsing rules, as a field-name. Add each parsed client hints token to settingsObject’s client hints set.

  7. Add a new Accept-CH cache entry with response’s origin and settingsObject’s client hints set as inputs.

Note, the above algorithm:

3.4. Accept-CH state (http-equiv="accept-ch")

Note: This pragma appends client hints tokens to the environment settings object's client hints set.

  1. If the meta element is not a child of a head element, then return.

  2. If the meta element has no content attribute, or if that attribute’s value is the empty string, then return.

  3. Let settingsObject be the meta element’s relevant settings object.

  4. If the result of executing Is an environment settings object contextually secure? on settingsObject is "Not Secure", then return.

  5. Let browsingContext be settingsObject’s responsible browsing context.

  6. If the top-level browsing context does not equal browsingContext, abort these steps.

  7. Let acceptCHValue be the meta element’s content attribute’s value.

  8. Parse acceptCHValue according to the Accept-CH header parsing rules, as a field-name. Append each parsed client hints token to settingsObject’s client hints set.

  9. Add a new Accept-CH cache entry with settingsObject’s origin, and settingsObject’s client hints set.

4. Integration with HTML

This specification integrates with the [HTML] specification by patching the algorithms below:

4.1. Document object initialization

At Create and initialize a Document object, after step 11, starting with "Initialize a Document’s CSP list", call initialize the Client Hints set with document’s relevant settings object and response as inputs.

4.2. Worker initialization

At set up a worker environment settings object, after step 6, add the following step:
  1. Set settingsObject’s client hints set to be a clone of outside settingsclient hints set.

4.3. http-equiv attributes

This section is non-normative.

In the table on attributes, add "accept-ch" in the line which attribute is "http-equiv".

4.4. Pragma directives

For the table in pragma directives, add a line with a "State" value of Accept-CH and a "Keyword" value of accept-ch.

4.5. Extending environment settings object

An environment settings object has a client hints set: a client hints set, initially the empty set, used for fetches performed using the environment settings object as a request client.

5. Request processing

When asked to append client hints to request with request as input, run the following steps:

For each header name (hintName) in the registry’s low entropy hint table, if request’s header list does not contain hintName, then append hintName/the corresponding value to request’s header list.

If request’s client is not null, then for each client hints token hintName of request’s client’s client hints set:

  1. Let value be the return value of running find client hint value, given hintName as input.

  2. If request is a subresource request and the result of running Should request be allowed to use feature?, given request and hintName’s associated policy-controlled feature, returns false, then skip the next steps and continue to the next hintName. [FEATURE-POLICY] [CLIENT-HINTS]

  3. Set hintName to "Sec-" concatenated with hintName.

    We need to figure out if we really want a Sec- prefix, and if so also exempt it from CORS.
  4. If request’s header list does not contain hintName, a user agent should append hintName/value to request’s header list.

When asked to remove client hints from redirect if needed with request as input, run the following steps:

  1. If request’s client is null, then abort these steps.
  2. Let clientHintsSet be request’s client’s client hints set.
  3. For each hintName of clientHintsSet:

    1. Set hintName to "Sec-" concatenated with hintName.

    2. If request’s header list contains hintName and if the result of running Should request be allowed to use feature?, given request and hintName’s associated policy-controlled feature, returns false, then remove hintName from header list. [FEATURE-POLICY] [CLIENT-HINTS]

6. Integration with Fetch

This specification integrates with the [FETCH] specification by patching the algorithms below:

In Fetching, after step 1.6, run append client hints to request with request as input.

In HTTP-redirect fetch, after step 7, run remove client hints from redirect if needed with request as input.

7. Feature Registry

Note: This section contains feature-specific definitions. New features that rely on the Client Hints infrastructure need to add their respective definitions to this registry. User Agents can implement some of those features without implementing others.

7.1. Client hints token

A client hints token is a byte-lowercase representation of one of Save-Data, DPR, Width, Viewport-Width, Device-Memory, RTT, Downlink, ECT, UA-Arch, UA-Model, UA-Platform, UA or UA-Mobile.

7.2. Policy-controlled features

This document defines the following policy-controlled features:

Should Save-data really have an allowlist of *? If so, is it because it’s somehow "low entropy" and should we tie low-entropy-ness to allowlists, generally?

7.3. Low entropy hint table

The low entropy hint table below defines hints that are only exposing low amounts of entropy.
Name Value
Save-Data a suitable Save-Data value
UA a suitable UA value
UA-Mobile a suitable Mobile value

7.4. Find client hint value

When asked to find client hint value, given hint as input, switch on hint and return the result:

Save-Data
a suitable Save-Data value
DPR
a suitable DPR value
Viewport-Width
a suitable Viewport-Width value
Width
a suitable Width value
Device-Memory
a suitable Device-Memory value
RTT
a suitable RTT value
Downlink
a suitable Downlink value
ECT
a suitable ECT value
UA-Arch
a suitable Arch value
UA-Model
a suitable Model value
UA-Platform
a suitable Platform value
UA
a suitable UA value
UA-Mobile
a suitable Mobile value

Links for image features are broken, need to actually define that and link to them.

8. Security and Privacy considerations

See [CLIENT-HINTS].

9. Terms

The following terms are defined in the HTTP specifications: field-name

Conformance

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[CLIENT-HINTS]
Ilya Grigorik; Yoav Weiss. Client Hints. URL: https://httpwg.org/http-extensions/client-hints.html
[FEATURE-POLICY]
Ian Clelland. Feature Policy. URL: https://wicg.github.io/feature-policy/
[FETCH]
Anne van Kesteren. Fetch Standard. Living Standard. URL: https://fetch.spec.whatwg.org/
[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[INFRA]
Anne van Kesteren; Domenic Denicola. Infra Standard. Living Standard. URL: https://infra.spec.whatwg.org/
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
[SECURE-CONTEXTS]
Mike West. Secure Contexts. 15 September 2016. CR. URL: https://www.w3.org/TR/secure-contexts/

Issues Index

We need to figure out if we really want a Sec- prefix, and if so also exempt it from CORS.
Should Save-data really have an allowlist of *? If so, is it because it’s somehow "low entropy" and should we tie low-entropy-ness to allowlists, generally?
Links for image features are broken, need to actually define that and link to them.