1353489 - pass if-none-match header to requestHeaders to be able to prevent E-Tag tracking

Status: UNCONFIRMED

(WebExtensions :: Request Handling, defect, P3)

Description

[miby]

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170323105023

Steps to reproduce:

Addons who try to protect against E-Tag tracking using webRequest.onBeforeSendHeaders should be able to remove, or at least detect the if-none-match header.


Actual results:

Currently the header is not represented in the details.requestHeaders array.

Comment 1

[miby]

Another solution would be to add an option to the upcoming privacy api (https://bugzilla.mozilla.org/show_bug.cgi?id=1312802) which allows the developer to disable sending etags, but simply passing through all headers to the webRequest details api seems fairly straightforward to me. I generally wonder why these headers are excluded for developers.

Comment 2

[:shell escalante]

re-writing description, likely file as nightly bug

Comment 3

[Shane Caraveo (:mixedpuppy)]

(In reply to miby from comment #1)
> I generally wonder why these headers are excluded for developers.

They are not excluded.  Requests in Firefox have different characteristics than Chrome.  Bug 1368527 would likely address this, but leaving open for the specific header request to be verified.

Comment 4

[Shane Caraveo (:mixedpuppy)]

Request timing was fixed for 57, does this issue still affect you?