TL;DR
This study investigates the adoption and privacy implications of HTTP client hints, revealing low overall usage but higher adoption on trackers, which could lead to increased data leakage without user control.
Contribution
It provides the first long-term analysis of HTTP client hints in real-world usage, highlighting privacy concerns and differences between first-party and third-party websites.
Findings
Low server-side adoption of client hints despite widespread browser support.
Higher usage of client hints on third-party websites linked to trackers.
Potential privacy risks due to increased data exposure without user control.
Abstract
HTTP client hints are a set of standardized HTTP request headers designed to modernize and potentially replace the traditional user agent string. While the user agent string exposes a wide range of information about the client's browser and device, client hints provide a controlled and structured approach for clients to selectively disclose their capabilities and preferences to servers. Essentially, client hints aim at more effective and privacy-friendly disclosure of browser or client properties than the user agent string. We present a first long-term study of the use of HTTP client hints in the wild. We found that despite being implemented in almost all web browsers, server-side usage of client hints remains generally low. However, in the context of third-party websites, which are often linked to trackers, the adoption rate is significantly higher. This is concerning because client…
