Client Hints HTTP Headers in Buyer Trusted Server Calls

[talbizit]

Currently, the buyer trusted server does not receive Client Hints HTTP headers. Can this feature be added?

[thegreatfatzby]

@talbizit do you mean the "trusted server" as in the KV TEE being used with on-device, KV TEE being used with B&A, or do you mean an untrusted BYOS being used with the on-device?

Either way, as a non-Googler I'm interested in what you'd want to use UACH for in the KV call.

[dmdabbs]

There is a Monorail/buganizer request for this:
https://issues.chromium.org/issues/325513778

[talbizit]

@thegreatfatzby different platforms and OS has different vectors that influence the bid, as these handled by the trusted server, this is why this input is important.

@dmdabbs thanks for the update.

[omriariav]

Hi @thegreatfatzby @dmdabbs - and word from the Chromium team on fix ETA?

[dmdabbs]

Hi @thegreatfatzby @dmdabbs - and word from the Chromium team on fix ETA?

None @omriariav. I just inquired on that buganizer ticket.

I suggested that the new Real-Time Reporting API histogram postbacks include low entropy UACH. Paul Jensen suggested I note that interest on this issue.

@JensenPaul I'd like to also register interest in receiving low entropy UACH on PAAPI updateURL requests. Net-log trace shows they are missing:

GET /fetch/updateurl HTTP/1.1
Connection: keep-alive
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9