Intent to Prototype: User-Agent Client Hints "ch-ua-high-entropy-values" permissions policy

154 views
Skip to first unread message

Mike Taylor

unread,
Apr 2, 2025, 7:42:33 PMApr 2
to blink-dev

Contact emails

mike...@chromium.org


Explainer

See Motivation below.


Specification

https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values


Summary

Adds support for a 'ch-ua-high-entropy-values' permissions policy that enables a top-level site to restrict which documents are able to collect high-entropy client hints via the navigator.userAgentData.getHighEntropyValues() JS API.


Blink component

Blink > Network > ClientHints


Motivation

Currently it's only possible to restrict third-party collection of high-entropy User-Agent Client Hints when they're requested over HTTP (via the various permissions policies associated with each Client Hint, i.e., https://wicg.github.io/client-hints-infrastructure/#policy-controlled-features).


The permissions policy proposed by this change allows a first-party site to have more control over which third parties are allowed to request high-entropy client hints via the getHighEntropyValues() JS API, which could be deployed alongside the other permissions policies.


Initial public proposal

https://github.com/WICG/ua-client-hints/issues/151#issuecomment-783668130


Interoperability and Compatibility


Gecko: Neutral. :mt had previously commented that new UA-CH features should defer to their official position.


WebKit: Not requested yet. But the initial issue that prompted this feature was filed as feedback from WebKit.


Web developers: Informal support from a conversation with a developer working on a privacy-focused search engine who was interested in this feature.


WebView application risks

Nothing special here


Is this feature fully tested by web-platform-tests?

Yes, WPTs will be added


Flag name on about://flags

None


Finch feature name

ClientHintUAHighEntropyValuesPermissionPolicy


Requires code in //chrome?

False


Tracking bug

https://issues.chromium.org/issues/385161047


Launch bug

https://launch.corp.google.com/launch/4366844


Estimated milestones

No milestones specified



Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6176703867781120?gate=4953839037579264


Reply all
Reply to author
Forward
0 new messages