Intent to Prototype: Pass 'Sec-Purpose: prefetch' header with <link rel=prefetch>

135 views
Skip to first unread message

Chromestatus

unread,
Apr 28, 2025, 1:11:51 PMApr 28
to blin...@chromium.org, stev...@microsoft.com

Contact emails

stev...@microsoft.com

Explainer

https://github.com/w3c/resource-hints/issues/74

Specification

https://chromium-review.googlesource.com/c/chromium/src/+/6334746

Summary

Chrome currently passes both 'Purpose: prefetch' and 'Sec-Purpose: prefetch' headers as part of prefetch through speculation rules. However, only 'Purpose: prefetch' is passed with <link rel=prefetch>. We plan to standardize this header for both speculation rules and <link rel=prefetch> by adding 'Sec-Purpose: prefetch' header to the latter. Future work will involve stop sending 'Purpose: prefetch' for prefetches, prerenders, etc.



Blink component

Blink>Loader

Motivation

SpeculationRules prefetch does send Sec-Purpose: "prefetch" header, but rel="prefetch" does not. The purpose headers allows servers to discern between regular requests and "resource hints" (requests that are only meant to populate caches).



Initial public proposal

None

TAG review

Not filed as this is a minor change of unspec'ed UA behavior for an existing feature. (Can start a review if recommended)

TAG review status

Pending

Risks



Interoperability and Compatibility

As commented at notes on Firefox and Safari, each browser uses non-standardized header name that is not aligned with CORS spec. This change will introduce better interoperability and compatibility for a long term.



Gecko: No signal Firefox has sent ‘X-moz: prefetch’.

WebKit: No signal Safari has sent 'Purpose: prefetch' but changed to use 'X-Purpose: preview'.

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Debuggability



Is this feature fully tested by web-platform-tests?

No

Plan to add a new test.



Flag name on about://flags

None

Finch feature name

None

Non-finch justification

None

Requires code in //chrome?

False

Tracking bug

https://issues.chromium.org/issues/40236973

Estimated milestones

No milestones specified



Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6247959677108224?gate=5461946554384384

This intent message was generated by Chrome Platform Status.
Reply all
Reply to author
Forward
0 new messages