User-Agent Client Hints "ch-ua-high-entropy-values" permissions policy

Category: Miscellaneous
Type: New or changed feature
Status: Proposed (Chrome Proposed)
Intent stage: None

Summary

Adds support for a 'ch-ua-high-entropy-values' permissions policy that enables a top-level site to restrict which documents are able to collect high-entropy client hints via the navigator.userAgentData.getHighEntropyValues() JS API. Restricting collection of high-entropy hints over HTTP is already possible via existing per-client-hint permissions policies.

Motivation

Currently it's only possible to restrict third-party collection of high-entropy User-Agent Client Hints when they're requested over HTTP (via the various permissions policies associated with each Client Hint, i.e., https://wicg.github.io/client-hints-infrastructure/#policy-controlled-features). The permissions policy introduced in this change allows a first-party site to have more control over which third-parties are allowed to request high-entropy client hints via the getHighEntropyValues JS API, which could be deployed alongside the other permissions policies.

Standards & signals

Specification: https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values
Firefox: Neutral — I haven't requested a new position for this small addition, since they don't support any of it, but they are neutral on the API itself.
Safari: No signal — No official position, as it's blocked on a position on Client Hints in general. But I have left a comment with a pointer to this feature.
Web developers: No signals
Tracking bug: https://issues.chromium.org/issues/385161047

Explainers: https://github.com/WICG/ua-client-hints/blob/main/README.md

View on chromestatus.com