Missing HTTP header-specific pages (known)

[chrisdavidmills]

@hamishwillee commented on Mon Nov 09 2020

URL(s)

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
• https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS - broken link to "Downlink"
• https://developer.mozilla.org/en-US/docs/Glossary/Client_hints

Details

There are many missing HTTP header pages - as linked from URLs above. In some cases there have paragraph docs, in others there is nothing. List from the main Headers Page:

• Accept-Push-Policy (docs(Fx132): HTTP/2 Server Push is now deactivated by default in most major browsers #36149)
• Accept-Signature
• Content-DPR (Update device client hint information #6097)
• Last-Event-ID (Reorg and polish HTTP Headers landing page #31146)
• Origin-Isolation
• Ping-To (Reorg and polish HTTP Headers landing page #31146)
• Push-Policy (docs(Fx132): HTTP/2 Server Push is now deactivated by default in most major browsers #36149)
• Refresh (Content suggestion: document HTTP Refresh header #15340)
• Report-To (FF130 CSP report-to directive #35331)
• Sec-CH-UA-Form-Factor (New pages for two new(ish) UA CH headers #34853)
• Sec-CH-UA-Prefers-Color-Scheme (Fix UA CH header list #34850)
• Sec-CH-UA-Prefers-Reduced-Motion (Fix UA CH header list #34850)
• Sec-CH-UA-WoW64 (New pages for two new(ish) UA CH headers #34853)
• Sec-WebSocket-Key (Standalone pages for Sec-WebSocket-* headers #34852)
• Sec-WebSocket-Extensions (Standalone pages for Sec-WebSocket-* headers #34852)
• Sec-WebSocket-Protocol (Standalone pages for Sec-WebSocket-* headers #34852)
• Sec-WebSocket-Version (Standalone pages for Sec-WebSocket-* headers #34852)
• Service-Worker-Allowed (New page for Service-Worker-Allowed #34854)
• Signed-Headers
• Signature
• Viewport-Width (Update device client hint information #6097)
• Width (Http client headers updates #5784)
• X-Download-Options
• X-Firefox-Spdy (Reorg and polish HTTP Headers landing page #31146)
• X-Permitted-Cross-Domain-Policies
• X-Pingback (Reorg and polish HTTP Headers landing page #31146)
• X-Powered-By
• X-Requested-With (Reorg and polish HTTP Headers landing page #31146)
• X-Robots-Tag
• X-UA-Compatible

[jpmedley]

@Elchi3 I think some of these are Google's creation, so I'm trying to get some help within Google. Can you point me to a header reference page that's up to date with regard to style and structure?

[Elchi3]

I believe https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data is something that I wrote relatively recently.

[jpmedley]

I'm taking:

• Viewport-Width
• Width
• Content-DPR

Will probably do more later.

I'm finding that some of these are values for headers, not headers themselves.

[sideshowbarker]

See also #1506 (comment)

[SphinxKnight]

Cross-linking #15340 here for Refresh

[Josh-Cena]

The remaining links are:

• Accept-Push-Policy Header Field, an internet draft that seems abandoned
  • Accept-Push-Policy
  • Push-Policy
• Signed HTTP exchanges, an internet draft that seems new and non-standard
  • Accept-Signature
  • Signature
  • Signed-Headers
• Origin-Isolation, have no idea what this is, maybe an obsolete origin isolation API?
• Non-standard headers
  • X-Permitted-Cross-Domain-Policies
  • X-Powered-By
  • X-Robots-Tag

Pinging @mdn/yari-content-http to decide what to do for each feature group: should we remove all mentions to it, remove the links only, or add pages? It's hard to tell which ones are supported and to what extent.

[hamishwillee]

what to do for each feature group: should we remove all mentions to it, remove the links only, or add pages? It's hard to tell which ones are supported and to what extent.

I don't know what you mean by this question - what page and headings are you referring to (I had a quick scan of the issue, but it has been a long time since it was posted and I have lost context).

[Josh-Cena]

I meant strictly in the context of my post: I have a list containing four groups of headers. I wonder if, for each group of headers, we should document them or not.

[hamishwillee]

For some reason, I'm not in that group. I've asked for access though. So here is "IMO":

I would drop Accept-Push-Policy Header Field as the spec is expired and archived. There is no evidence of implementation.

We should keep Signed HTTP Exchanges and document them. I don't know anything about them, but this spec is linked from https://developer.chrome.com/blog/signed-exchanges which indictates support from Chrome 73.

Remove Origin-Isolation - it isn't found in any search or present in the specs that to related to origin isolation.

For the non-standard cases we'll need more expertise - for example X-Robots-Tag does get quite a lot of mentions and I don't know of a "standard alternative", similarly X-Forwarded-For has a standard alternative, but I believe that X-Forwarded-For is a defacto standard. So we should keep it (if that is the case).

[bsmth]

• Accept-Push-Policy Header Field, an internet draft that seems abandoned
  • Accept-Push-Policy
  • Push-Policy

I think we can cross these off the list as Server Push is being unshipped everywhere - https://groups.google.com/a/mozilla.org/g/dev-platform/c/vU9hJg343U8/m/4cZsHz7TAQAJ

[Josh-Cena]

@bsmth Is there a PR to remove references to these headers?

[bsmth]

@bsmth Is there a PR to remove references to these headers?

I can remove in the following:

• docs(Fx132): HTTP/2 Server Push is now deactivated by default in most major browsers #36149