Version: 0.0.1, 2021-04-21
Authors:
- Manuel Strehl, Kinetiqa GmbH
The use of icons to represent websites expanded in many different ways since
the introduction of the favicon in 1999.
This created the need to announce supported icons by various means, most
famously with <link>
elements in the head of HTML files.
The aim of this standard is to reduce the need for markup for website icons as
far as possible.
Therefore it provides conventions that base on the proven /favicon.ico
mechanism but extend it for current and future multi-platform needs.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.
The path prefix /.well-known/
is defined in RFC
8615.
The website icon standard strives to register a normative “Well-Known URI”
icons
.
A website icon is a visual representation of a website. It SHOULD be used by the user agent when representing the page in the user interface. This definition matches the one from the HTML 5 standard.
An icon set is a matching set of icons to together represent a specific resource.
Website icons are located in the /.well-known/icons
folder in the docroot of
a web server.
The file names are relative to the /.well-known/icons/
folder.
- the default favicon in the format SVG is named
favicon.svg
. - the default favicon in the format ICO for backwards compatibility is named
favicon.ico
. - icons in a pixel-based image format are named
icon-SIZE.EXT
. - icons in a scaling image format are named
icon.EXT
. - a platform-specific icon is named
VENDOR-PLATFORM[-SIZE].EXT
. The componentsVENDOR
,PLATFORM
,SIZE
andEXT
are defined in the registry such that the possible combinations ofSIZE
andEXT
for a givenVENDOR
-PLATFORM
set do not exceed 24. - the special values
default
andicon
for theVENDOR
component are reserved for future extensions. - the plain-text list of available icons is named
index.txt
. Every line in this file that doesn’t start with the character#
represents a URL with base/.well-known/icons/
. - the server MAY provide an
index.html
file with human-readable information about the icons. - the folder MAY contain other files, provided that their file names do not conflict with registered file names of the website icon standard.
Sizes MUST match WIDTH "x" HEIGHT
, where WIDTH
and HEIGHT
are integers.
In the case of square images the second part "x" HEIGHT
MUST be omitted.
File extensions MUST be representative of their content type.
A file ending in .png
must be of type image/png
and so on.
[TODO #3]
If several names can be satisfied by the same content, a single file with this content MAY be symlinked or otherwise made available by all those names.
The formal ABNF syntax for file names defined in this standard is as follows:
FILENAME = favicon / icon / vendor-icon
favicon = "favicon." EXT
icon = "icon" [ "-" SIZE ] "." EXT
vendor-icon = VENDOR "-" PLATFORM [ "-" SIZE ] "." EXT
EXT = 1*( ALPHA / DIGIT )
SIZE = WIDTH [ "x" HEIGHT ]
; where HEIGHT must be different from WIDTH
VENDOR = 1*( ALPHA / DIGIT / "_" )
PLATFORM = 1*( ALPHA / DIGIT / "_" )
WIDTH = 1*DIGIT
HEIGHT = 1*DIGIT
ALPHA
and DIGIT
match the respective rules from RFC
5234.
Icon sets differing from the default set are bundled in sub-folders.
The file names as specified above are relative to the sub-folder inside
/.well-known/icons/
with the same name as the set.
For example, a set of icons for a photo gallery page can reside in
/.well-known/icons/gallery/
. The icon set is named gallery
.
Every icon set folder MUST at least contain its own index.txt
file with URLs
relative to itself and either a favicon.svg
or favicon.ico
image.
An HTML page can choose to select an icon set by using the following line in
the <head>
of the document:
<meta name="icon-set" content="SET-IDENTIFIER">
The value for SET-IDENTIFIER
MUST be a valid, case-sensitive folder name,
that exists under /.well-known/icons/
.
If SET-IDENTIFIER
is the empty value or a single U+002E dot, the default set
MUST be used.
Two U+002E dots in row MUST NOT appear.
U+002F slashes MAY appear, if the resulting SET-IDENTIFIER
is still a valid
path under /.well-known/icons/
.
If the value for SET-IDENTIFIER
contains characters, that are not valid in
a URI, the client MUST use the percent-escaped UTF-8 encoded representation of
the identifier string for requests in accordance with RFC
3987.
If an icon set is chosen in this way, auto-detected URLs as described in the
next chapter are searched in /.well-known/icons/SET-IDENTIFIER
instead of
/.well-known/icons/
.
A user agent SHOULD load the file /.well-known/icons/favicon.svg
, if it needs a
visual representation, e. g. as favicon, for the current website.
If this request returns a HTTP 404 status, it MAY load the file
/.well-known/icons/favicon.ico
.
A user agent or other client MAY try to load the file
/.well-known/icons/index.txt
for a list of available icons.
A user agent or other client MAY try to load a specific icon for a
VENDOR-PLATFORM[-SIZE].EXT
combination without looking up index.txt
first,
but MUST stop, if it finds no suitable candidate after three tries.
Clients MUST follow HTTP redirects from URLs within the
/.well-known/icons/
folder to URLs with the same origin.
Clients SHOULD follow redirects to a resource with a different origin, if this
resource is not deemed a security or privacy threat.
If a client requests /favicon.ico
from the docroot and is redirected to
either /.well-known/icons/favicon.svg
or /.well-known/icons/favicon.ico
,
it SHOULD assume that the server supports the website icon standard.
A server conforming to this specification MUST provide either a
favicon.svg
or a favicon.ico
file and a file index.txt
under the path
/.well-known/icons/
.
The server MUST provide these files also for every icon set in use (i.e.,
sub-folders of /.well-known/icons/
).
Lines in index.txt
MUST NOT start with a U+002F slash.
All other features of this specification are optional.
A client conforming to this specification MUST adhere to the limits and orders specified in the auto-detection section above, if it opts into loading icons.
It MUST ignore entries in index.txt
that contain a U+002F slash anywhere.
This includes in particular the icon selection, when a matching icon is found
by its base name in a sub-folder of /.well-known/icons/
but no matching icon
set is requested.
This icon MUST be ignored.
Currently, user agents automatically load a file /favicon.ico
.
This request can be symlinked or redirected to
/.well-known/icons/favicon.ico
.
Special icons, that are currently loaded automatically, can be handled in the
same way.
For example, /apple-touch-icon.png
can be symlinked to
/.well-known/icons/apple-touch-180.png
.
HTML files can point directly to any icon by including the URL as <link>
element in the <head>
:
<link rel=icon href="/.well-known/icon/special_icon.png" sizes="57x57" type="image/png">
<link rel=icon href="/.well-known/icon/my_logo.svg" type="image/svg+xml">
<link rel="shortcut icon" href="/.well-known/icon/favicon.svg" type="image/svg+xml">
The same mechanism also allows backwards-compatibility with the icon set feature:
<link rel="shortcut icon" href="/.well-known/icon/gallery/favicon.ico">
Icons SHOULD be cached by user agents independently from the actual HTTP headers. To force re-downloads, the icon set feature can be used. By incrementing a counter the user agent knows, that the icon might have changed:
<meta name="icon-set" content="v3.2.0">
The server can then be instructed to ignore such set prefixes when serving the
request for /.well-known/icons/v3.2.0/favicon.svg
and instead serve the
file under /.well-known/icons/favicon.svg
.
Icon sets used in this way resemble the use of so-called cache-busting strings
in URLs.
This standard does not impose any restrictions on user agents with regard to
dynamically changing icons.
This includes setting a <link rel=icon>
or, in conforming user agents, a
<meta name=icon-set>
via JavaScript.
User agents MAY allow to change favicons or other icons by these means.
Servers MAY serve dynamic icons based on request details, e.g. user sessions. Caution must be exercised to handle client caching of icons correctly.
Some institutions, like universities, offer private web space under
certain paths, e.g., /~user-id/
. The website icon standard itself offers no
special mechanism to address differing icons based on sub-paths.
There are several options, though, for path-based adaption of icons.
The most straight-forward is to explicitly add icon paths to the mark-up, as
would already be necessary today.
In the absence of such mark-up today’s behaviour is already to load
favicon.ico
from the docroot.
One other option can be enabled by the server admin by leveraging the icon set
feature.
A redirect from /.well-known/icons/user-id/
to, e.g., /~user-id/icons/
allows users to switch to their own set of icons with a single line in the HTML
<head>
:
<meta name="icon-set" content="user-id">
The Web Application Manifest Specification also allows defining a list of icons. Icons can be classified by their size and their purpose.
The website icon standard does not specify explicit meta-documents, that serve
the same purpose.
However, icons named after the scheme layed out above can be referenced in a
web application manifest.
Size and purpose can furthermore be coded in the PLATFORM
and SIZE
identifiers of the naming scheme.
This standard explicitly excludes other meta-data about websites than icons. One closely related item is a theme color, that must sometimes be chosen together with a matching icon.
For defining a theme color, we refer to the Web Application Manifest Specification, that already offers this possibility. By referencing different manifests from different HTML pages the theme colors can also be adapted to different icon sets as defined in this document.
The HTML Standard
specifies loading /favicon.ico
as fallback in the case, where an
HTML document contains no link@rel=icon
element.
Given reasonable browser support for the website icon standard eventually, we
suggest updating the HTML Standard to consider the behaviour laid out in this
document instead.
HTML defines the sizes
attribute to denote an icon’s dimensions.
The website icon standard deviates deliberately from the definition in two
major ways.
For one, HTML allows both lower-case “x” and upper-case “X” as separators
between width and height. Then, the declaration of the height is always
mandatory.
These properties are not adopted here in order to make URLs both as concise and predictable as possible.
RFC 8288 defines possibilities to link resources on the web. The website icon standard has no effect on this mechanism but provides a supplemental means of receiving a specific piece of meta-data for a site by leaning on convention instead of explicit linkage. In this way both standards complement one another.
The registry of known token combinations for VENDOR
, PLATFORM
, SIZE
, and
EXT
is located at [TODO #1].
A new registration request can be issued by following the instructions on that
page.
A successful registration request MUST contain at least the following information: [TODO #2]
-
contact address: person or company who is registering and will be allowed to request changes later on.
-
VENDOR
token, that matches the syntax from the chapter Formal Syntax. -
PLATFORM
token, that matches the syntax from the chapter Formal Syntax. -
supported
EXT
extensions. -
if
EXT
contains size-dependent formats, supportedSIZE
parameters. The number of possibleSIZE
andEXT
combinations MUST NOT exceed 24. -
any geometric restrictions or graphic alteration, that will be applied. Examples are “will be rendered in a circle shape” or “will have a gloss effect applied”.
Complex mask shapes MUST be given in the form of an SVG graphic, that can be applied as mask.
Additional information, like developer documentation or references, can be submitted.
The registry will also contain the date of the registration request.
Malicious actors can dynamically alter favicons in such a way, that users are tricked into believing they are on a different site. Examples are changing favicon and page title after some idle time, when the user might be distracted.
A similar attack can be executed by using icons, that are not immediately visible to the user. If a Progressive Web App offers a desktop icon and label that suggest a different site, the user might not notice the installation. They will in a later session click the desktop icon oblivious to the fact that the content is served by another site.
Long-lasting favicon cache entries can be used to finger-print user agents. If cache entries are re-used in private browsing sessions, this can lead to inadvertently exposing users.
Some image formats include extended scripting or animation features. These features might be unnecessary when used in icons. Disabling them reduces attack surfaces by removing entry points for script execution, e.g. JavaScript in SVG, or timing attacks, e.g. by high-fidelity animation timing.
If a server redirects an icon request to another origin, loading the redirected URL might expose details of the current user. Malicious actors could also try to exploit a bug in a specific user agent’s image handling by redirecting to a server under their control. User agents need to take care, that as little information as possible is handed on to the external icon server.
- [RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, March 1997.
- [RFC8615] Nottingham, M., “Well-Known Uniform Resource Identifiers (URIs)”, RFC 8615, May 2019.
- [HTML] van Kesteren, A., Denicola, D., Hickson, I., Jägenstedt, P., Pieters, S., “HTML standard”, WHATWG, Living Standard.
- [RFC5234] Crocker, D., Ed., Overell, P., “Augmented BNF for Syntax Specifications: ABNF”, RFC 5234, January 2008.
- [RFC3987] Duerst, M., Suignard, M., “Internationalized Resource Identifiers (IRIs)”, RFC 3987, January 2005.
- [RFC8288] Nottingham, M., “Web Linking”, RFC 8288, October 2017.
- [WebApp] Cáceres, M. et al., “Web Application Manifest Specification”, W3C Working Draft, April 2021.
The following diagram shows a minimal folder structure for a valid server set-up:
.well-known/
icons/
favicon.svg
index.txt
The file index.txt
contains the single line favicon.svg
.
Here is a more complete example with some commonly needed vendor versions:
favicon.ico -> .well-known/icons/favicon.ico
apple-touch-icon.png -> .well-known/icons/apple-touch-180.png
.well-known/
icons/
favicon.ico
favicon.svg
index.txt
index.html
icon-192.png
icon-310x150.png
android-icon-192.png -> icon-192.png
apple-touch-180.png
ms-square_tile-150.png
ms-wide_tile-310x150.png -> icon-310x150.png
safari-mask.svg
webapp-icon-192.png -> icon-192.png
webapp-splash-512.png
webapp-splash.svg
The file favicon.svg
will be loaded by conforming clients.
Fallback behaviour is implemented with symlinks.
The vendor prefix webapp
denotes icons used in the web app manifest of the
site.
Note, that all vendor and platform strings in this example are still preliminary and likely to change.
A third example uses the icon set feature:
.well-known/
icons/
favicon.svg
index.txt
tulips/
favicon.svg
index.txt
roses/
favicon.svg
index.txt
webapp-icon-192.png
hyacinths/
favicon.ico
index.txt
This structure offers one default favicon and three distinct icon sets tulips
,
roses
, and hyacinths
.
Each set is in itself a complete implementation of the website icon standard.