
Reduce fingerprinting in Accept-Language header information

Category: Network / Connectivity
Type: New or changed feature
Status: In developer trial (Behind a flag) in Chrome
Intent stage: Origin Trial

Summary

We want to reduce the amount of information the Accept-Language header value string exposes in HTTP requests and in navigator.languages. Instead of sending a full list of the user's preferred languages on every HTTP request via the Accept-Language header, we propose sending only the user's most preferred language. To minimize compatibility risks, we first plan to reduce the information in the HTTP header, and then reduce the related navigator.languages JS getters in the future.

Motivation

The Accept-Language header is a source of passive fingerprinting information about our users: it contains many details about users' preferred languages. Chrome (and other browsers) send a full list of the user's preferred languages on every HTTP request via the Accept-Language header. The header's value contains a lot of entropy about the user that is sent to servers by default. While some sites use this information for content negotiation, servers can also passively capture this information without the user's awareness to fingerprint a user. We propose to only send a single language in the Accept-Language request header. Here's what that would look like when a user tries to access https://example.com:

    GET / HTTP/1.1
    Host: example.com
    Accept-Language: en
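The following is an added example, not code from Chrome or the explainer, that measures the entropy described above on a constructed sample: it compares the Shannon entropy of full Accept-Language values with the entropy left once only the most preferred language is kept. The function names and the eight sample headers are made up for illustration, and keeping the whole top-ranked tag (for example en-US) unchanged is an assumption.

```javascript
// Parse an Accept-Language value into [{tag, q}] in header order.
function parseAcceptLanguage(header) {
  return header.split(",").map((part) => {
    const [tag, ...params] = part.trim().split(";");
    const qParam = params.map((p) => p.trim()).find((p) => p.startsWith("q="));
    const q = qParam ? parseFloat(qParam.slice(2)) : 1.0; // q defaults to 1
    return { tag: tag.trim(), q: Number.isNaN(q) ? 0 : q };
  }).filter((e) => e.tag !== "");
}

// Keep only the most preferred language (highest q, first wins on ties).
function reduceAcceptLanguage(header) {
  const entries = parseAcceptLanguage(header);
  if (entries.length === 0) return "";
  return entries.reduce((best, e) => (e.q > best.q ? e : best)).tag;
}

// Shannon entropy (bits) of the observed distribution of values.
function shannonEntropy(values) {
  const counts = new Map();
  for (const v of values) counts.set(v, (counts.get(v) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / values.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Constructed sample (not real traffic): eight users' full headers.
const SAMPLE_HEADERS = [
  "en-US,en;q=0.9",
  "en-US,en;q=0.9,fr;q=0.8",
  "en-US,en;q=0.9,de;q=0.8,ja;q=0.7",
  "en-US,en;q=0.9,es;q=0.8",
  "de-DE,de;q=0.9,en;q=0.8",
  "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
  "fr-FR,fr;q=0.9,en;q=0.8",
  "fr-FR,fr;q=0.9",
];

// Entropy of the full headers vs. the single-language form.
function compareEntropy(headers) {
  const reduced = headers.map(reduceAcceptLanguage);
  return { full: shannonEntropy(headers), reduced: shannonEntropy(reduced) };
}

console.log(compareEntropy(SAMPLE_HEADERS));
```

In this sample every full header is unique, so the header alone separates all eight users, while the reduced form leaves only three distinct values.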

Standards & signals

Docs: https://docs.google.com/document/d/1RkPDf7DNtcOj4KXeW8wNCuYfto-drnGYST_NvZe3GoY

Explainers: https://github.com/explainers-by-googlers/reduce-accept-language
