- From: Patrick Meenan <pmeenan@webpagetest.org>
- Date: Tue, 06 Sep 2011 13:23:03 -0400
- To: public-web-perf@w3.org
- Message-ID: <4E6656F7.3040302@webpagetest.org>
I remember there being some privacy concerns about exposing the granular details but I can't remember the specifics or find Anderson's original email that discussed them. I'd like to encourage all companies that provide widgets that get embedded in other people's pages to also include the Timing-Allow-Origin: * header for transparency into their service but I'd hate to be encouraging people to do it if it is the wrong thing to do for privacy reasons. Thanks, -Pat On 9/6/2011 1:01 PM, James Simonsen wrote: > On Tue, Sep 6, 2011 at 8:00 AM, Alois Reitbauer > <alois.reitbauer@dynatrace.com <mailto:alois.reitbauer@dynatrace.com>> > wrote: > > I have a question on cross-origin resources. Does the current spec > state that when the document is loaded from www.mydomain.com > <http://www.mydomain.com> that I will not get any timing > information from www.yourdomain.com <http://www.yourdomain.com> ? > This would make it impossible to monitor third party resources. > > > You'll get the overall load time for those resources, but it won't be > broken down into the details (DNS time, connect time, etc.). Those > values will all report 0. > > If you want all the information, you'll have to add the > Timing-Allow-Origin header to the resource's HTTP response. See: > > http://dvcs.w3.org/hg/webperf/raw-file/tip/specs/ResourceTiming/Overview.html#cross-origin-resources > > James
Received on Tuesday, 6 September 2011 17:23:34 UTC