To support content negotiation use cases such as differential serving of variable fonts, color vector fonts, responsive images, and other third-party content which requires client information lost by user agent reduction. For example: variable fonts allow significantly less font information to be transferred without loss of functionality, but only works on specific operating systems.

Motivation

It’s already possible to set a Permissions Policy in the HTTP response header, but for sites without the ability to modify HTTP headers a HTML solution would be ideal. This proposal ships a meta tag which allows delegation of client hints to third-party origins. These tags could be included in code-snippets for embedded third-party content for ease of use. For example, to specify third party requests to `https://foo.bar` must include `sec-ch-width` you could include: <meta name="accept-ch" content="sec-ch-width=( https://foo.bar )"> You may still omit the permission policy and rely on the default allowlist as follows: <meta name="accept-ch" content="sec-ch-width"> Note that this is the equivalent of the following today: <meta http-equiv="accept-ch" content="sec-ch-width">

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Privacy>Fingerprinting

Implementation status: Proposed (tracking bug)

Consensus & Standardization

• Firefox: Neutral
• Safari: No signal
• Web Developers: Positive

Owners

• arichiv@chromium.org
• jadekessler@chromium.org
• miketaylr@chromium.org

Intent to Prototype url

Last updated on 2022-01-19