[webkit-dev] X-Purpose on prefetching requests

Alexey Proskuryakov ap at webkit.org
Tue Sep 28 11:39:41 PDT 2010

On 28.09.2010, at 9:43, Gavin Peters (蓋文彼德斯) wrote:

>> I've presented some concerns about the effect of this on enterprise network monitors.
> I've thought about this some more, and I think I don't get this
> actually.  Could you clarify for me?

I think that it changes false positives to false negatives. Without the header, it will complain about prefetch requests made for Google search results. But once the monitoring software learns to ignore prefetch requests, then it will be easy to circumvent it by adding X-Purpose to every request (e.g. with a browser extension). Doomed both ways.

It seems that the only real way to make prefetch safe may be to limit it to same origin URLs. Yes, one can always do their own prefetching via a hidden frame, but the purpose of explicit prefetch was to make it semantically clean, and that doesn't seem to work without imposing a same origin restriction.

- WBR, Alexey Proskuryakov
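
The trade-off described in the message above, as an added example that is not part of the original message and is not WebKit or monitoring-product code: a toy monitor scored under two policies over a constructed traffic sample. The header value `prefetch`, the host names and the `user_initiated` ground-truth field are assumptions made for the illustration.

```python
# Added illustration; not code from the thread or from any real monitor.
# Assumption: prefetch requests are marked with "X-Purpose: prefetch".
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    host: str
    headers: dict = field(default_factory=dict)
    user_initiated: bool = True  # ground truth; a network monitor cannot see this


WATCHED_HOSTS = {"watched.example"}  # constructed policy list

# Constructed traffic sample.
TRAFFIC = [
    Request("intranet.example"),                                         # ordinary browsing
    Request("watched.example", {"X-Purpose": "prefetch"}, False),        # genuine prefetch
    Request("watched.example"),                                          # real visit
    Request("watched.example", {"X-Purpose": "prefetch"}, True),         # real visit, header added client-side
]


def is_marked_prefetch(req):
    """True if the client-supplied header claims the request is a prefetch."""
    return req.headers.get("X-Purpose", "").strip().lower() == "prefetch"


def alert_on_all(req):
    """Policy 1: the header is ignored; every request to a watched host alerts."""
    return req.host in WATCHED_HOSTS


def alert_unless_marked(req):
    """Policy 2: requests that claim to be prefetches are exempted."""
    return req.host in WATCHED_HOSTS and not is_marked_prefetch(req)


def score(policy, traffic):
    """Count wrong alerts and missed alerts against the ground truth."""
    fp = fn = 0
    for req in traffic:
        should_alert = req.host in WATCHED_HOSTS and req.user_initiated
        alerted = policy(req)
        fp += alerted and not should_alert
        fn += should_alert and not alerted
    return {"false_positives": fp, "false_negatives": fn}


if __name__ == "__main__":
    print("alert on all:       ", score(alert_on_all, TRAFFIC))
    print("exempt X-Purpose:   ", score(alert_unless_marked, TRAFFIC))
```

Because the header is set by the client, the monitor has no way to tell the second and fourth requests apart, which is why neither policy scores clean.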
