- From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Thu, 28 Mar 2019 21:07:23 +0200 (EET)
- To: HTTP Working Group <ietf-http-wg@w3.org>
- CC: Mike West <mkwst@google.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>
5.1. Attach HTTP State Tokens to a request https://tools.ietf.org/html/draft-west-http-state-tokens-00#section-5.1 So Sec-Http-State header field is added also to requests for static sites, which do not need state. Setting Sec-Http-State-Options: delivery=same-origin sure help reduce extra Sec-Http-State: header fields to be sent (for example static resources which are references on html page, if they use another origin.) However I suggest Sec-Http-State-Options: delivery=none so that static site can opt-out that request header. Perhaps make sense also to defined other member for "Sec-Http-State-Options" header dictionary, which controls which elements ('image', 'iframe', 'script', 'audio' and so on) cause Sec-Http-State: header field added to request when correspond resource is retrieved. This is additional constrain (also "delivery" is in force). Idea is further reduce http request size. / Kari Hurtta
Received on Thursday, 28 March 2019 19:07:54 UTC