Intent to Experiment: Sec-bfcache-experiment HTTP Header

300 views
Skip to first unread message

Rakina Zata Amni

unread,
Aug 26, 2020, 7:55:52 AM8/26/20
to blink-dev, Alexander Timin, Kentaro Hara, kenji...@chromium.org, bfcache-dev

Contact emails

bfcac...@chromium.org, alt...@chromium.org, har...@chromium.org, kenji...@chromium.org, rak...@chromium.org


Spec

N/A, but see I2S of back-forward cache linked below for information related to the back-forward cache.


Summary

We’re running an experiment that enables the back-forward cache for same-site navigations. Websites might be interested to know whether a page they’re serving is included in the experiment (which means the page might get stored into the back-forward cache and later restored) for analytics purposes (e.g. analyzing user behavior with back-forward cache enabled vs not). 


When a page opts-in into the Origin Trial, we will send a “Sec-bfcache-experiment” HTTP header on resource requests made by the page. The value will be set to the back-forward cache experiment group that the page is currently in (e.g. "experiment1-enabled", "experiment1-control", "experiment1-default")


Note that this is different from the ability to tell if a page got stored into/restored from the back-forward cache. It is already possible to do so by checking the pagehide/pageshow event’s persisted property. Knowing only this information is not enough to determine the bfcache “hit rate”, as the site doesn't have a way to distinguish between cases when back-forward cache wasn't enabled for the user and when it was enabled, but the page couldn't have been stored in the back-forward cache. 


Link to “Intent to Prototype” blink-dev discussion

No I2P for the header, but we have an I2S for cross-site back-forward cache: https://groups.google.com/a/chromium.org/d/msg/blink-dev/S9qRFx4ozXk/DNT8tiR3BAAJ 


Goals for experimentation

As the HTTP header should only be used to determine whether a page is included in the same-site  back-forward cache experiment, it is intended to be temporary and its lifetime will be bounded by the same-site back-forward cache experiment. We will not ship this HTTP header.


Experimental timeline

M86-M88


Any risks when the experiment finishes?

None - this HTTP header is intended only to help websites know whether they have same-site bfcache enabled or not for analyzing benefits or potential issues.


Ongoing technical constraints

None.


Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

No - since the same-site bfcache experiment is only enabled on Android, the HTTP header will only be supported on Android.


Link to entry on the feature dashboard

Back-forward cache: https://chromestatus.com/feature/5815270035685376


Yoav Weiss

unread,
Aug 27, 2020, 5:32:59 PM8/27/20
to Rakina Zata Amni, blink-dev, Alexander Timin, Kentaro Hara, Kenji Baheux, bfcache-dev
The API OWNERS discussed this today (Alex, Chris, Daniel and me):
  • Even though we recently concluded that I2Es require a spec, it seems that this case merits an exception, as there's no intention to actually ship this beyond the OT. An explainer that would indicate interested partners what the headers they should expect seems sufficient.
  • Since the headers are web exposed, it seems that they are subject to the Blink process.
  • Since the headers would be short-lived, there's little risk that sites would become reliant on them
  • Running this as an OT gives us control over which sites sign up, enabling us to detect and mitigate abuse
All this to say, LGTM to experiment conditional on an explainer/documentation


--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACPC1r7EYrTK%3DiBMxyVTaN5NhoecM_JUoKnpC52gvHhm2QX4uQ%40mail.gmail.com.

Rakina Zata Amni

unread,
Sep 2, 2020, 6:12:45 AM9/2/20
to Yoav Weiss, blink-dev, Alexander Timin, Kentaro Hara, Kenji Baheux, bfcache-dev

Caleb Raitto

unread,
Sep 3, 2020, 3:52:10 PM9/3/20
to blink-dev, yo...@yoav.ws, alt...@chromium.org, har...@chromium.org, kenji...@chromium.org, bfcac...@chromium.org
We discussed this at this week's security and privacy review, and we had a few questions: 
  • How long is the origin trial duration?
  • Roughly how large is the origin trial?
  • Is the Sec-bfcache-experiment HTTP header only provided to the top-level frame? What about subresources? 
Thanks,
-Caleb
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Rakina Zata Amni

unread,
Sep 6, 2020, 10:58:32 PM9/6/20
to Caleb Raitto, blink-dev, Yoav Weiss, Alexander Timin, Kentaro Hara, Kenji Baheux, bfcache-dev
Hi Caleb,
The origin trial is planned for M86-M88 (until ~Feb 2021), and OTs are limited to ~0.5% of page loads (is this what you're interested in for the "how large" question?). OTs are per-document, so main frames and subframes need to opt-in into the OT separately. The Sec-bfcache-experiment HTTP header itself will be sent on non-navigation resource requests made by an opted-in document (there's more details in the explainer).

Let me know if you have further questions!

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "bfcache-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bfcache-dev...@chromium.org.
To view this discussion on the web, visit https://groups.google.com/a/chromium.org/d/msgid/bfcache-dev/cacdf7bf-9039-4117-b97b-e84252718d98o%40chromium.org.

Caleb Raitto

unread,
Sep 14, 2020, 1:15:14 PM9/14/20
to blink-dev, cara...@chromium.org, yo...@yoav.ws, alt...@chromium.org, har...@chromium.org, kenji...@chromium.org, bfcac...@chromium.org
Thanks for the details, this sounds acceptable per identifiability review.

-Caleb
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

--
You received this message because you are subscribed to the Google Groups "bfcache-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bfcache-dev+unsubscribe@chromium.org.

Caleb Raitto

unread,
Sep 21, 2020, 1:18:35 PM9/21/20
to blink-dev, Caleb Raitto, yo...@yoav.ws, Alexander Timin, Kentaro Hara, Kenji Baheux, bfcac...@chromium.org
Hi, sorry, one more quick question: 

Can the Sec-bfcache-experiment header be sent if third-party cookies are disabled? 

Thanks, 
-Caleb

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "bfcache-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bfcache-dev...@chromium.org.

Rakina Zata Amni

unread,
Sep 22, 2020, 6:28:38 AM9/22/20
to Caleb Raitto, blink-dev, yo...@yoav.ws, Alexander Timin, Kentaro Hara, Kenji Baheux, bfcac...@chromium.org
Yes, I think so. Should it not do that? Are there other things that should disable this?

Caleb Raitto

unread,
Sep 24, 2020, 4:39:07 PM9/24/20
to blink-dev, Rakina Zata Amni, blink-dev, yo...@yoav.ws, Alexander Timin, Kentaro Hara, Kenji Baheux, bfcac...@chromium.org, Caleb Raitto
We discussed some more -- given that the header only exposes 2-3 bits (4 header values + no header), and is scoped to a small experiment, this should be OK, and should not block the experiment. 

Thanks, and sorry for the back-and-forth,
-Caleb

Reply all
Reply to author
Forward
0 new messages