Information

Private Cross-Origin/Site Prefetch
  • Upcoming
  • Tentative
  • Breakout Sessions

Meeting

Event details

Date:
Japan Standard Time
Status:
Tentative
Location:
R06
Participants:
Robert Liu, Noam Rosenthal
Big meeting:
TPAC 2025 (Calendar)

Prefetching can significantly improve web performance by loading resources before a user navigates to them, but doing so across different origins or sites can harm user privacy. Directly prefetching from a third-party server can leak a user's IP address and browsing context.

The Prefetch spec states a need for IP anonymization and handwaves over how it’s achieved, leaving it implementation-defined [1]. Let’s look at a couple proposals of how this works in the browser, with a browser-provided proxy [2] and a proposal for website-provided proxies [3].

Finally, we will discuss the path to enable private cross-origin/site prefetch across browsers. Open discussion of privacy and security goals, threat models, and future work in implementation and standardization.

Agenda

Chairs:
Robert Liu

Description:
Prefetching can significantly improve web performance by loading resources before a user navigates to them, but doing so across different origins or sites can harm user privacy. Directly prefetching from a third-party server can leak a user's IP address and browsing context.

The Prefetch spec states a need for IP anonymization and handwaves over how it’s achieved, leaving it implementation-defined [1]. Let’s look at a couple proposals of how this works in the browser, with a browser-provided proxy [2] and a proposal for website-provided proxies [3].

Finally, we will discuss the path to enable private cross-origin/site prefetch across browsers. Open discussion of privacy and security goals, threat models, and future work in implementation and standardization.

Goal(s):
Discussion

Materials:

Joining Instructions

Instructions are restricted to W3C users . You need to log in to see them.

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

Feedback

Report feedback and issues on GitHub.