See https://github.com/WICG/nav-speculation/issues/302 The prefetch cache should allow responses to be cached but discarded if particular cookies change (e.g., login cookie, preferred language/theme).
Even though prefetches have a short lifetime, it is possible for a prefetched response to be "stale" by the time it is used due to a change in the user state (e.g., logging out). This could be surprising as the user expects to observe this change, or in the worst case, a security issue if they have logged out on a public device and the next user is able to access a prefetched page (though this is not the only way this can happen). Developers can work around this by not using prefetch or prerender, but we'd like for them to not have to make that tradeoff. However, Vary: Cookie is infamous for being too big a hammer, since many origins set a variety of cookies which shouldn't invalidate huge swathes of the cache. Instead, browsers should respect response header fields which allow more specific cache invalidation, most likely by cookie name.
None
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
None
No milestones specified