Re: Migrating some high-entropy HTTP headers to Client Hints.

Hello Mike, others,

On 2018/11/29 19:22, Mike West wrote:
> Hey folks,
> 
> Section 9.7 of RFC7231 <https://tools.ietf.org/html/rfc7231#section-9.7>
> rightly notes that some of the content negotiation headers user agents
> deliver in HTTP requests create substantial fingerprinting surface. I think
> it would be beneficial if we took steps to reduce their prevalence on the
> wire, and Client Hints looks like a reasonable infrastructure on top of
> which to build.

Sorry to be very late, and with a rather basic question:

The point about substantial fingerprinting is definitely important. But 
what's the difference, in terms of fingerprinting, between the following 
two alternatives?

a) The browser sending out Accept-Language, ... to a server interested in
fingerprinting.

b) A server interested in fingerprinting sending out an Accept-CH header 
with the equivalent information, even if the server doesn't need e.g. 
language information for serving the request.

Regards, Martin.

Received on Sunday, 13 January 2019 11:57:03 UTC