Open jeremyroman opened 1 year ago
cc @bdekoz @bgrins
How is this not revealing something new about the user's browsing behavior? In other words, why is this not a privacy issue?
In the case of "cache", it is subject to whatever cache partitioning scheme the UA uses (e.g., if the cache is partitioned by top-level site, it doesn't reveal anything about browsing on other sites). Additionally, this is subject to the same protections as transferSize, which exposes the cache mode (0 implies local, 300 implies validated, any value above 300 implies uncached). transferSize and deliveryType are also subject to the same Timing-Allow-Origin check.
In the case of prefetch, browsers already send request headers indicating that a request is for prefetch, and servers could modify their response depending on this header.
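A simplified model of the gating described in the reply above, as an added example that is not part of the thread or of any browser's code. The function names, the record shape and the `null` used for withheld fields are assumptions made for illustration, and the Timing-Allow-Origin check is reduced to its same-origin, `*` and listed-origin cases.

```javascript
// Added illustration; every name here is hypothetical, not a browser API.

// Simplified Timing-Allow-Origin check: a same-origin resource passes;
// otherwise the header must list "*" or the page's serialized origin.
function taoCheckPasses(pageOrigin, resourceUrl, taoHeader) {
  if (new URL(resourceUrl).origin === pageOrigin) return true;
  if (!taoHeader) return false;
  const values = taoHeader.split(",").map((v) => v.trim());
  return values.includes("*") || values.includes(pageOrigin);
}

// Cache mode as encoded by transferSize, following the reply above:
// 0 -> local cache, 300 -> validated, above 300 -> uncached.
function cacheModeFromTransferSize(transferSize) {
  if (transferSize === 0) return "local";
  if (transferSize === 300) return "validated";
  return transferSize > 300 ? "uncached" : "unknown";
}

// What a page learns about one fetch. When the check fails, both fields
// are withheld; this sketch models "withheld" as null (an assumption).
function exposedCacheSignal(pageOrigin, fetchRecord) {
  const { url, taoHeader, transferSize, deliveryType } = fetchRecord;
  if (!taoCheckPasses(pageOrigin, url, taoHeader)) {
    return { deliveryType: null, cacheMode: null };
  }
  return { deliveryType, cacheMode: cacheModeFromTransferSize(transferSize) };
}

// Constructed sample records (not captured from a real browser).
const PAGE_ORIGIN = "https://app.example";
const sampleFetches = [
  { url: "https://app.example/app.js", taoHeader: null,
    transferSize: 0, deliveryType: "cache" },
  { url: "https://cdn.example/lib.js", taoHeader: "https://other.example",
    transferSize: 5300, deliveryType: "" },
  { url: "https://cdn.example/font.woff2",
    taoHeader: "https://partner.example, https://app.example",
    transferSize: 5300, deliveryType: "" },
];

for (const record of sampleFetches) {
  console.log(record.url, exposedCacheSignal(PAGE_ORIGIN, record));
}
```

A server that does not want a given origin to read cache state for its resources leaves that origin (and `*`) out of its Timing-Allow-Origin header, as the second record shows.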
Request for Mozilla Position on an Emerging Web Specification
Other information
The Resource Timing text currently only covers "" and "cache". Chromium also implements "navigational-prefetch" as part of https://wicg.github.io/nav-speculation/prefetch.html (currently behind a flag). Some of that work might be covered by https://github.com/mozilla/standards-positions/issues/620.