Migrate some high-entropy HTTP request headers to Client Hints

Issue description

A Problem
=========

HTTP request headers expose quite a bit of information about users by default, even over plaintext. It would be better if this information was a) opt-in, b) locked to secure transport, and c) delegated by the first-party to specific third-parties. Client Hints, conveniently enough, provides exactly this infrastructure.

Some Proposals
==============

User-Agent and Accept-Language headers seem like particularly low-hanging fruit:

* https://github.com/mikewest/ua-client-hints suggests that we split User-Agent into UA, UA-Platform, UA-Arch, and UA-Model Client Hints. https://tools.ietf.org/html/draft-west-ua-client-hints

* https://github.com/mikewest/lang-client-hint suggests that we turn Accept-Language into a Lang Client Hint. https://tools.ietf.org/html/draft-west-lang-client-hint has a bit more detail about the implementation.
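A simplified model of the three properties listed in the issue (opt-in, secure transport only, first-party delegation), added here as an example; it is not Chromium's code or code from the linked proposals. The `Accept-CH` opt-in parsing, the policy object shape and the origins used are assumptions for illustration.

```javascript
// Added example: a simplified model, not Chromium's implementation.
// Hint names are the ones listed in the issue description.
const HINTS = ['UA', 'UA-Platform', 'UA-Arch', 'UA-Model', 'Lang'];

// Parse an Accept-CH opt-in value into the set of known hints it names.
// Unknown tokens are dropped; matching is case-insensitive.
function parseAcceptCH(value) {
  const known = new Map(HINTS.map((h) => [h.toLowerCase(), h]));
  return new Set(
    (value || '')
      .split(',')
      .map((t) => t.trim().toLowerCase())
      .filter((t) => known.has(t))
      .map((t) => known.get(t))
  );
}

// Decide which hints may accompany a request.
// policy (hypothetical shape):
//   firstParty: origin of the top-level document
//   optIn:      Set of hints the first party asked for
//   delegation: { hintName: [third-party origins the first party named] }
function hintsForRequest(requestUrl, policy) {
  const url = new URL(requestUrl);
  if (url.protocol !== 'https:') return [];        // (b) secure transport only
  const sent = [];
  for (const hint of HINTS) {
    if (!policy.optIn.has(hint)) continue;         // (a) nothing without opt-in
    if (url.origin === policy.firstParty) {
      sent.push(hint);                             // first party gets what it asked for
    } else if ((policy.delegation[hint] || []).includes(url.origin)) {
      sent.push(hint);                             // (c) explicitly delegated third party
    }
  }
  return sent;
}

// Constructed sample policy: the first party opts in to three hints and
// delegates only UA to one named third-party origin.
const samplePolicy = {
  firstParty: 'https://example.com',
  optIn: parseAcceptCH('UA, UA-Platform, Lang, Bogus'),
  delegation: { UA: ['https://cdn.example.net'] },
};

console.log(hintsForRequest('https://example.com/page', samplePolicy));
console.log(hintsForRequest('https://cdn.example.net/lib.js', samplePolicy));
```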
Comment 1 by mkwst@chromium.org, Today (21 hours ago)