Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Accept-CH] is a relatively new approach; we're still evaluating - are done evaluating? #71

Open
tomrittervg opened this issue Jan 17, 2025 · 0 comments
Open

[Accept-CH] is a relatively new approach; we're still evaluating - are done evaluating? #71

tomrittervg opened this issue Jan 17, 2025 · 0 comments

Comments

@tomrittervg
Copy link

Require servers to advertise or opt in to access data.
Even for data sent in HTTP request headers, requiring servers to advertise use of particular data, publicly document a policy, or "opt in" before clients send configuration data provides the possibility of detection by user agents or researchers.
For example, Client Hints [[?httpbis-client-hints]] proposes an Accept-CH response header for services to indicate that specific hints can be used for content negotiation, rather than all supporting clients sending all hints in all requests.
This is a relatively new approach; we're still evaluating whether this provides meaningful and useful detectability.

This was written just over 6 years ago. It seems like we should remove this note about evaluating it, and decide what we think of it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tomrittervg