design-reviews#1064: Expose contentEncoding in resourceTiming

#1064: Expose contentEncoding in resourceTiming

Opened Mar 4, 2025

こんにちは TAG-さん!

I'm requesting a TAG review of exposing contentEncoding in resourceTiming.

Propose that we add an explicit .contentEncoding in resourceTiming. contentEncoding value has been very helpful for web apps and CDN in monitoring and optimization. As more compressions are deployed, it's no longer practical to infer such value. Therefore, it's desirable to explicitly expose it.

Explainer¹: https://github.com/guohuideng2024/resource-timing/blob/gh-pages/Explainers/Content_Encoding.md
Specification: https://github.com/whatwg/fetch/pull/1796 https://github.com/w3c/resource-timing/pull/411
WPT Tests: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/resource-timing/content-encoding.https.html
User research: Here.
Security and Privacy self-review²: Here.
GitHub repo: https://github.com/w3c/resource-timing
Primary contacts: @guohuideng2024, Microsoft
Organization/project driving the specification: Microsoft
Multi-stakeholder support³:
- Chromium comments: Already implemented behind a feature flag.
- Mozilla comments: https://github.com/mozilla/standards-positions/issues/1189
- WebKit comments: https://github.com/WebKit/standards-positions/issues/467
Status/issue trackers for implementations⁴: https://chromestatus.com/feature/4818080273006592 https://github.com/w3c/resource-timing/issues/381

Further details:

I have reviewed the TAG's Web Platform Design Principles
The group where the work on this specification is currently being done: WebPerfWG
The group where standardization of this work is intended to be done (if different from the current group): WebPerfWG
Major unresolved issues with or opposition to this specification: None.
This work is being funded by: Microsoft

Discussions

Discussed Apr 28, 2025 (See Github)

Xiaocheng: discussing Martin's feedback this is about content encoding... more of an output thing... the server decides the encoding... This proposal seems OK to me - guarding the content encoding behind CORS. This should have been in resource timing in the first place...

Torgo: Re the explainer: what's the user need? What are we trying to protect the user from? It's written assuming we are familiar with the security issue, rather than "user interacts with this kind of webpage. In this kind of situation, this issue may happen. therefore this technology is there to fix that." Reasonable?

Xiaocheng: yes.

Torgo: looks at the User research link in the issue. This detail could have been surfaced in the explainer. But I still have the same question: what are we trying to protect users from? I'll leave that feedback.

Discussed May 5, 2025 (See Github)

Martin wrote a draft comment.

Xiaocheng: Looks good.

Martin to post and leave it open.

Discussed Jun 2, 2025 (See Github)

Martin: They replied. They justified the user need, although phrasing it around user research wasn't quite right.

Jeffrey: Satisfied?

Martin: Yes. Might add a comment about "unknown".

Jeffrey: Oh, I saw that discussion on the HTTPWG list: https://lists.w3.org/Archives/Public/ietf-http-wg/2025AprJun/0039.html.