- From: Ryan Pellette <ryan@catchpoint.com>
- Date: Wed, 7 Jan 2015 18:26:54 +0000
- To: "public-web-perf@w3.org" <public-web-perf@w3.org>
- Message-ID: <BLUPR04MB419C15CEF475AB10051AE78A0460@BLUPR04MB419.namprd04.prod.outlook.com>
While I do understand the intention for having it, I am not sure is really protecting anyone. First of all, most ad systems are tracking almost everyone on every page and doing mappings of user IDs behind the scenes and bidding for ads in market places. Second, and more importantly, website owners need to know what URLs are on their pages and what their impact on performance is. If a website owner (say Netflix) is worried that other sites will load their content in another website (say foo.com) - we should have the header to say do not allow. In other words, don't by default block everything - similar to how robots.txt works with search bots. Otherwise what we currently have in this spec will never do what the websites need it to do; 90% plus of the requests on a page are delivered from domains other than the site's domain. Finally, Duration would tell you if an object was cached or not. Theoretically, foo.com could create a page that makes a request behind the scenes to https://secure.netflix.com/us/layout/ecweb/common/logo-reg2x.png and by looking at the Duration, foo.com could see that the Duration was within milliseconds, so it must have come from cache.
Received on Wednesday, 7 January 2015 18:27:23 UTC