Intent to ship: Network Partitioning

Skip to first unread message

Tim Huang

Dec 15, 2020, 2:05:45 PM12/15/20
to dev-platform
Intent to ship: Network Partitioning

# Summary
There are many tracking vectors that can be used by advertising networks to
track users across websites. One major category of tracking vectors is
known as “Supercookies,” which are stored in browsers and are difficult for
users to detect and remove. The network state can be abused by trackers as
a “Supercookie” to track users. For example, the HTTP cache was not
designed for storing data like cookies, but it can be abused for the
purposes of tracking or identifying users [0][1].

Client-Side Storage Partitioning [2] has outlined the strategy that we are
going to adopt to protect users from the aforementioned problem. As a part
of it, Network partitioning implements the protection for network state.
When enabling network partitioning, Firefox will use the top-level site,
i.e., its URL’s scheme and URL’s host’s registrable domain (eTLD+1), as an
additional key for network state. In other words, when doing an HTTP cache
entry lookup, it will not only use the URL to search the entry but use the
URL keyed by the top-level site.

Note that partitioning network state could have a performance impact
because the network caches cannot be reused for different top-level sites.
A resource that has been cached for one top-level site still needs to make
a network request if another top-level site loads the same resource. This
could increase the overall loading time.

The protection of the Network Partitioning covers assorted network state,


HTTP cache

Image cache

Favicon cache

Connection pooling

StyleSheet cache


HTTP authentication


Speculative connections

Font cache



Intermediate CA cache

TLS client certificates

TLS session identifiers



CORS-preflight cache

We have enabled Network Partitioning since Firefox 78 in Nightly channel
and Firefox 83 in the early Beta channel. We will enable it by default in
Firefox 85. As Network Partitioning ships we will be running studies to
monitor the performance impact of these changes, and may adjust the
timeline if we find that it has a severe impact.

# Bug

# Standard

# Platform coverage


# Preference


# DevTools bug


# Other browsers


Safari has shipped the network partitioning since 2013, see


Chrome has sent an intent-to-ship for partitioning the HTTP cache[3]. And
they have implemented the CORS-preflight cache partitioning. The metrics of
the performance impact of enabling HTTP cache partitioning in Chrome have
been summarized here[4].

# Web-platform-tests







Tim Huang,
Reply all
Reply to author
0 new messages