- From: Mike Taylor <notifications@github.com>
- Date: Thu, 23 Sep 2021 07:31:53 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 23 September 2021 14:32:06 UTC
> has not sending any Sec-CH-UA-* headers by default (i.e. requiring TLS opt-in even for the basic stuff) been considered? This is already true for non-secure sites (for any client hints, not just UA-CH). And I agree that [`ACCEPT_CH`](https://github.com/WICG/client-hints-infrastructure/blob/main/reliability.md#accept_ch) is fairly advanced for most use cases, which is why there's a plain HTTP [`Critical-CH`](https://github.com/WICG/client-hints-infrastructure/blob/main/reliability.md#critical-ch) mechanism to get similar functionality. But I think requiring `ACCEPT_CH` to get any UA-CH puts the entire feature set, and all its benefits, out of the reach of the vast majority of web developers. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/640#issuecomment-925871657
Received on Thursday, 23 September 2021 14:32:06 UTC