Re: New Version Notification for draft-nottingham-httpbis-pre-denied-00.txt from Lucas Pardue on 2026-02-26 (ietf-http-wg@w3.org from January to March 2026)

From: Lucas Pardue <lucas@lucaspardue.com>
Date: Thu, 26 Feb 2026 09:59:39 +0000
To: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <93cffc40-18e6-4984-8178-1c4668aa603f@app.fastmail.com>

Hi,

On Thu, Feb 26, 2026, at 08:51, Mark Nottingham wrote:
> It's a good question. It's more interoperable to define it as part of a concrete, specific protocol; it's more reusable to make it generic. 
> 
> Given that this code is needed because reuse caused confusion, I'm inclined towards the former, but I'm not against the latter (though the definition can always be updated expanded if need be).
> 
> What do others think?

Perhaps unsurprisingly, I think the problem exists and is worth solving.

I see some parallels with 425 Too Early [1], which says:

> User agents that send a request in early data are expected to retry the request when receiving a 425 (Too Early) response status code. A user agent SHOULD retry automatically, but any retries MUST NOT be sent in early data.

The difference is in the rejection reason, based either on the TLS terminating proxy detecting TLS early data itself and making the judgement, or observation of the Early-Data request header (i.e. similar to the Sec-Purpose)

On one hand, I worry that a more-generic status code could muddy the waters, perhaps leading to confusion on what to status to pick and that could interfere with use of 425. 

On the other hand, coining a status only for Sec-Purpose: prefetch seems like it could be short sighted if there might ever be other purposes (it seems to be related to link relations, and we've seen those evolve). I could imagine some scenario where an origin adds Link headers in 103 Early Hints that triggers some requests that a gateway doesn't want to handle yet.

Finally, I'm not a huge fan of the name Preliminary request. Perhaps if we want to tie it to the Sec-Purpose field (which I wouldn't mind) then 4xx Purpose Declined might be clearer.

Cheers
Lucas

[1] - https://httpwg.org/specs/rfc8470.html#status
> 
> 
> > On 26 Feb 2026, at 5:58 pm, Julian Reschke <julian.reschke@gmx.de> wrote:
> > 
> > Am 24.02.2026 um 00:19 schrieb Mark Nottingham:
> >> (without my 'chair' hat on)
> >> I'd like the WG to consider adoption. See here for context:
> >> https://github.com/WICG/nav-speculation/issues/138 <https://github.com/ WICG/nav-speculation/issues/138>
> >> Cheers,
> >> ...
> > 
> > I have one question:
> > 
> > "A preliminary request is one that contains a Sec-Purpose header field [FETCH] with the value "prefetch"."
> > 
> > Could this be made a bit more generic, so that it is not directly tied to a specific request field?
> > 
> > Best regards, Julia
> > 
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 
>

Received on Thursday, 26 February 2026 10:00:10 UTC