Re: Client Hint Reliability

David Benjamin <> Thu, 27 August 2020 19:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3DE313A11FC for <>; Thu, 27 Aug 2020 12:02:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XYBd01Ufz1BU for <>; Thu, 27 Aug 2020 12:02:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CEBC23A11FE for <>; Thu, 27 Aug 2020 12:02:41 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1kBN83-0002qf-43 for; Thu, 27 Aug 2020 19:00:07 +0000
Resent-Date: Thu, 27 Aug 2020 19:00:07 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1kBN81-0002pT-3A for; Thu, 27 Aug 2020 19:00:05 +0000
Received: from ([2607:f8b0:4864:20::1033]) by with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1kBN7z-0001iZ-9Q for; Thu, 27 Aug 2020 19:00:04 +0000
Received: by with SMTP id q93so3040350pjq.0 for <>; Thu, 27 Aug 2020 12:00:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=64eZT7XPFvMDZbJK8IwaLYwhERPNhZPVwiDBMEshMy0=; b=LirhhJMEnyP8llzNByGXtZ42D7tuNR7KpiZieeDHZa15R0BMta67pKogQGbfweNVpx k1oTB5DKMACha7RK7BCcr2RtiJX5ZxdWwxCEwWc4QzN5iFnoHZIKSFj3D289oM30O53B Xq7Sd+mx08Hrj+gy0V/jCM0IQZMwsbbC5Vcso=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=64eZT7XPFvMDZbJK8IwaLYwhERPNhZPVwiDBMEshMy0=; b=pWD5vuvymRq4l0zj+pgLseA6UlzdbOhoaF+LjwfLLhgP0nOeiazHUbbhBnSgfhxyTQ vcIVHDzdqU9VYtv2OY4Y68ZRnl3UOJoxIxyq78EzhpouinGiyElvTeittDAsQWaauGcy q2lZ8hnXnYYPqgiH01iZUtGa4n29fBnGy+8GyTtDoDkTyKPmcsvpzSUAHtD4ws3Ad3ZU 6oE5Dy85y70ymale633pLW9/KEmwAV7zgtUkYzNLyr6PJhsHJANDkDpDWvS05ZtUwDne 3o1TM4EdULABU2euFWFEQTgpGZX981/kti/si1AL5GpL4SnO2moj2/8Ub9hCzwqDOiIa 9oNg==
X-Gm-Message-State: AOAM530L/caqKuaT/IJwBEX9A7uXD5RkF5FTvXTHQKVCpdVF5PA/zdKz AWbI4Hi5cnBoF/eLjcDRjiFja2t9MeTQQ6Ygj6nPZc/qAg==
X-Google-Smtp-Source: ABdhPJyJNUtIMPH2+nt6DY15o22/EG64rNubPD6J/SLh8gIF+4PwjkIpmYwom39c3y6e5fep+L+2GGUS6eSbr8l1CYE=
X-Received: by 2002:a17:90a:b007:: with SMTP id x7mr215164pjq.73.1598554790990; Thu, 27 Aug 2020 11:59:50 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: David Benjamin <>
Date: Thu, 27 Aug 2020 14:59:34 -0400
Message-ID: <>
To: HTTP Working Group <>
Content-Type: multipart/alternative; boundary="0000000000007900e605ade08aa0"
Received-SPF: pass client-ip=2607:f8b0:4864:20::1033;;
X-W3C-Hub-Spam-Status: No, score=-12.2
X-W3C-Scan-Sig: 1kBN7z-0001iZ-9Q a3a081e364b6596285724b37cfe192ad
Subject: Re: Client Hint Reliability
Archived-At: <>
X-Mailing-List: <> archive/latest/37964
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

As a quick update, I've just uploaded draft-01 of the document. I've
matched draft-ietf-httpbis-client-hints in using "user agent" instead of
"client", and we've realized that the HTTP/2 frame didn't quite work right
with HTTP caching (by the time you've made a network connection, you've
already evaluated Vary and potentially conditionalized the request), so
it's now been reworked as a funny restart which I think mirrors Critical-CH
fairly nicely.


On Mon, Jul 20, 2020 at 1:35 PM David Benjamin <>

> Hi all,
> One of the bits of developer feedback we’ve gotten on Client Hints is the
> first view problem, or more generally the reliability problem:
> An HTTP request can only take into account previous HTTP responses’
> Accept-CH headers, which means the first resource request to a site, either
> overall or after a config change, may be missing Client Hints. Fixing this
> requires detecting the reason for the missing header, which is tricky for
> the server (maybe the client just never sends it), and costs a round-trip.
> This makes Client Hints unattractive for top-level resources, or use cases
> where the header meaningfully changes the page.
> We’ve been looking at a pair of mechanisms to address this. The first is
> an HTTP response header for the server to trigger a client retry if needed.
> The second builds on Victor Vasiliev’s ALPS drafts to get the information
> to the client before its first request in most cases, avoiding the
> performance hit.
> I’ve written up an initial draft describing the two:
> There’s also an overview in W3C-style explainer
> <> form in the Client Hints
> infrastructure WICG repo:
> I would be interested in hearing the WG’s thoughts on this.
> David