yoavweiss
commented
4 years ago The main reason Accept-CH opt-ins are only allowed on top-level navigation responses is for security reasons. We wouldn't want any random sub-resource to be able to extract the information they provide.
The processing model forAccept-CH by browsers is defined in client-hints-infrastructure#document-init and the initialize the client hints set algorithm that it calls.
If you'd like more details about the reasoning, feel free to open an issue on that repo.
Add Accept-CH to response header in server side, all is good when request is run normally as Http Request, I got all needed header CH, but when I request is run as XMLHttpRequest then is nothing to get. Why XMLHttpRequest doesn't return CH header ?