User-agent client hints
Phabricator project: #http-client-hints
Client Hints are information about your device and browser which is sent on request to websites you visit by browsers such as Google Chrome and Edge. The CheckUser extension requests and collects this data by default to support the community in reducing vandalism and abuse. This data is deleted after 90 days and can only be viewed by trusted users. For more high-level information, see mw:Extension:CheckUser/Client Hints.
Collection of client hint data on all wikis began on August 22, 2023.
Configuration
wgCheckUserClientHintsEnabled, set to false to disable collection and storage of client hints data on a wiki
See mw:Extension:CheckUser#Configuration_2 for other configuration settings related to client hints.
Technical details
- On non-Special pages, we load the ext.checkUser.clientHints ResourceLoader module, which listens to the MediaWiki postEdit JavaScript hook.
  - After a client makes an edit, if it supports the client hints JavaScript API, it will POST the client hint data to w/rest.php/checkuser/v0/useragent-clienthints/{type}/{id}.
  - The UserAgentClientHintsHandler class in CheckUser stores the values in cu_useragent_clienthints and cu_useragent_clienthints_map. The cu_useragent_clienthints_map table links client hint data with a revision, or to a CheckUser log event.
  - The purgeOldData.php maintenance script in CheckUser runs via puppet (code) and ensures that data older than 90 days is removed.
- On certain Special pages (see CheckUserClientHintsSpecialPages) and content pages with an action query parameter (see CheckUserClientHintsActionQueryParameter; currently it is used for ?action=history because users can perform one-click rollback edits from this UI), MediaWiki will request client hints from the client using a server header. On the subsequent request, the client will send client hint data, and CheckUser ingests these values (updateCheckUserData).
  - CheckUser by default sends an empty Accept-CH header field; this instructs browsers to not send client hint data by default. We need to do this because once you request client hint data with the Accept-CH header, the browser will continue to send this data for the duration of the user's browsing session, and we only collect this information in specific scenarios (performing a rollback, creating an account, emailing a user, resetting a password, etc.).
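The post-edit flow on non-Special pages, as an added example (not CheckUser's own code): feature-detect the client hints JavaScript API, read the high-entropy values, and POST them to the REST path given above. The hint list, the "revision" type value, the JSON body shape and all function names are assumptions; only the endpoint path comes from this page.

```javascript
// Added example, not CheckUser's code. Assumed: hint list, 'revision' type,
// JSON body shape, and every function/constant name below.
const HIGH_ENTROPY_HINTS = ['architecture', 'bitness', 'model', 'platformVersion', 'fullVersionList'];

// Path template as given on the page.
const ENDPOINT = '/' + 'w/rest.php/checkuser/v0/useragent-clienthints/{type}/{id}';

// Build the POST request; reject anything that could alter the URL path.
function buildRequest(type, id, hints) {
  if (!/^[A-Za-z]+$/.test(type) || !Number.isInteger(id) || id <= 0) {
    throw new TypeError('type must be alphabetic and id a positive integer');
  }
  return {
    url: ENDPOINT.replace('{type}', type).replace('{id}', String(id)),
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(hints)
  };
}

// nav is a navigator-like object and send a fetch-like function; both are
// injected so the flow can be exercised outside a browser.
async function reportHintsAfterEdit(nav, send, revisionId) {
  const uaData = nav && nav.userAgentData;
  // Browsers without navigator.userAgentData have nothing to report.
  if (!uaData || typeof uaData.getHighEntropyValues !== 'function') {
    return { sent: false, reason: 'unsupported' };
  }
  let hints;
  try {
    hints = await uaData.getHighEntropyValues(HIGH_ENTROPY_HINTS);
  } catch (e) {
    // The browser may refuse to return the requested hints.
    return { sent: false, reason: 'denied' };
  }
  const req = buildRequest('revision', revisionId, hints);
  const res = await send(req.url, { method: req.method, headers: req.headers, body: req.body });
  const ok = Boolean(res && res.ok);
  return { sent: ok, reason: ok ? 'ok' : 'http-error', request: req };
}

// Constructed stand-in for a Chromium navigator (sample values only).
const SAMPLE_NAV = { userAgentData: { getHighEntropyValues: async (names) =>
  Object.fromEntries(names.map((n) => [n, 'sample-' + n])) } };

// In a page this would run from the postEdit hook, e.g.
// mw.hook('postEdit').add(() => reportHintsAfterEdit(navigator, fetch, newRevisionId));
// where newRevisionId is a hypothetical variable holding the saved revision's ID.
```

A browser that lacks the API returns before any request is built, so no data leaves the client in that case.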
Resources
- Epic for implementing client hints functionality [EPIC] Support User-Agent Client Hints header in CheckUser (T257893)
- Phab project for related tasks
- Technical contacts: User:Dreamy Jazz, User:Kosta Harlan
- Project plan (WMF only)
- WMF Slack #chrome-ua-deprecation