Client Hint Reliability

David Benjamin <> Mon, 20 July 2020 17:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 83AEA3A0D85 for <>; Mon, 20 Jul 2020 10:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.019
X-Spam-Status: No, score=-3.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id kA7i6g--Kp8V for <>; Mon, 20 Jul 2020 10:39:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C29163A0D79 for <>; Mon, 20 Jul 2020 10:39:33 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1jxZiG-0004Sz-Nq for; Mon, 20 Jul 2020 17:36:28 +0000
Resent-Date: Mon, 20 Jul 2020 17:36:28 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1jxZiF-0004S9-Ci for; Mon, 20 Jul 2020 17:36:27 +0000
Received: from ([2607:f8b0:4864:20::62b]) by with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1jxZiD-000356-QK for; Mon, 20 Jul 2020 17:36:27 +0000
Received: by with SMTP id o1so8994956plk.1 for <>; Mon, 20 Jul 2020 10:36:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:from:date:message-id:subject:to; bh=hq7wBK/MYhpWlL47huSkvy7TynielrLshsbFSj59ztM=; b=RLYs1ZBTvYXpgnA5ALgaOxntN5KL03arDrSabmQsyCuca8cyQcPAv0KXhxXdT6dO4X SOyT2MUpifKju2urJg8KrQf2khrPEI7iVbtSGp5kwJkMlA4tNmzcemJ93Ox6qe0tO9b2 lkOkcBzQjtMiOgsQtpmlFM3Gzo5eUrX1Gz2qI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=hq7wBK/MYhpWlL47huSkvy7TynielrLshsbFSj59ztM=; b=QUQ8XrDH/c7SI6dryG710HAVWzFDi+7P1Kb2A2xIJFJQH/CBmP3c2RX5Sar8Ajq4kE MuqvN3j6U6yTj8kGYIK2Gxg9fIHg1mvfNFLjmrpIZOGoRwbAsFHNlIWQSDAJDcyF+qhn RDlWc646rilGyyLptcN3leHOQQGFKY/9OSHly51EgagoGuV/zM8SU/3BHNbI6ObELuZw hQD+1p0vqqdadIdOWLKaMtBAWfu/7w7n5eCsn3H4x3cKl7UkvvchWEMSdEZpJ+yiiNDY yyz4r7P9RBrg/A/jGpjZBfeJ1mYP3PaoaBew+ZOX4LuZRf1hrPwV6fN1F80hVwBNYEq0 JNdw==
X-Gm-Message-State: AOAM530w4kInN4HBy6cN1Wvy/EWaHQGlzxGODg/ZsAQLEdkZt8Sm6Syr qm5j2Ce58ymc0LUAAWeykejRX8gj2skEKW1DT3Jd/ws=
X-Google-Smtp-Source: ABdhPJzPnV5MV1RQV39vpRN2tDZpWs20TbMLWnhGJDaVQCPqjhEVwrItaGR6C5MPDfdkn5QZRJ1JjL4i0ZhjHqqV9Mc=
X-Received: by 2002:a17:90a:bb84:: with SMTP id v4mr540197pjr.162.1595266573922; Mon, 20 Jul 2020 10:36:13 -0700 (PDT)
MIME-Version: 1.0
From: David Benjamin <>
Date: Mon, 20 Jul 2020 13:35:57 -0400
Message-ID: <>
To: HTTP Working Group <>
Content-Type: multipart/alternative; boundary="000000000000765d4b05aae2f170"
Received-SPF: pass client-ip=2607:f8b0:4864:20::62b;;
X-W3C-Hub-Spam-Status: No, score=-11.5
X-W3C-Scan-Sig: 1jxZiD-000356-QK 7c91f77d34d80116b85888b3555b26ed
Subject: Client Hint Reliability
Archived-At: <>
X-Mailing-List: <> archive/latest/37892
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

Hi all,

One of the bits of developer feedback we’ve gotten on Client Hints is the
first view problem, or more generally the reliability problem:

An HTTP request can only take into account previous HTTP responses’
Accept-CH headers, which means the first resource request to a site, either
overall or after a config change, may be missing Client Hints. Fixing this
requires detecting the reason for the missing header, which is tricky for
the server (maybe the client just never sends it), and costs a round-trip.
This makes Client Hints unattractive for top-level resources, or use cases
where the header meaningfully changes the page.

We’ve been looking at a pair of mechanisms to address this. The first is an
HTTP response header for the server to trigger a client retry if needed.
The second builds on Victor Vasiliev’s ALPS drafts to get the information
to the client before its first request in most cases, avoiding the
performance hit.

I’ve written up an initial draft describing the two:

There’s also an overview in W3C-style explainer
<> form in the Client Hints
infrastructure WICG repo:

I would be interested in hearing the WG’s thoughts on this.