Clear Client Hints via Clear-Site-Data header

32 views
Skip to first unread message

Ari Chivukula

unread,
Jul 17, 2023, 2:36:04 PM7/17/23
to blink-dev

Contact emails

ari...@chromium.org, mike...@chromium.org, yoav...@chromium.org


Specification

https://w3c.github.io/webappsec-clear-site-data/


Summary

Websites will now be able to clear the client hints cache using `Clear-Site-Data: “clientHints”`. Client hints will also now be cleared when “cookies”, “cache”, or “*” are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.


Blink component

Blink>Network>ClientHints


Motivation

The only current way for a website to force the client hint cache to be cleared is to send a single header like `Accept-CH:` with no content. If any other `Accept-CH:` headers are sent at all (empty or not) this will cause all of them to be ignored. If the `Accept-CH` header is injected into an HTTP response at multiple points, it can be difficult to silence them all when one part of the server wishes to clear all hints. This header provides a way to do that, as the `Clear-Site-Data: “clientHints”` header clears the cache and causes all other `Accept-Ch` or `Critical-CH` headers to be ignored.


TAG review

https://github.com/w3ctag/design-reviews/issues/871


Compatibility & Interoperability

We would be the first to implement if approved.


Gecko: https://github.com/mozilla/standards-positions/issues/848


WebKit: https://github.com/WebKit/standards-positions/issues/230


Web Developers: Requested by Akamai


Is this feature fully tested by web-platform-tests?

https://wpt.fyi/results/client-hints/clear-site-data?label=experimental&label=master&aligned


Tracking bug

https://crbug.com/1458394


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5105030738214912


Reply all
Reply to author
Forward
0 new messages