This feature is only shown in the feature list to users with edit access.

We want to reduce the amount of information the Accept-Language header value string exposes in HTTP requests and in navigator.languages. Instead of sending a full list of the user's preferred languages on every HTTP request via the Accept-Language header. We propose only sending the user’s most preferred language in the Accept-Language header.

Motivation

The Accept-Language is a source of passive fingerprinting information about our users, it contains many details about users' preferred languages. Chrome (and other browsers) send a full list of the user's preferred languages on every HTTP request via the Accept-Language header. The header's value contains a lot of entropy about the user that is sent to servers by default. While some sites use this information for content negotiation, servers can also passively capture this information without the user's awareness to fingerprint a user. We propose to only send a single language in the Accept-Language request header. Here’s what that would look like when user tries to access https://example.com: Get / HTTP/1.1 Host: example.com Accept-Language: en

Status in Chromium

Blink


No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals

Owners

Last updated on 2022-03-17