One document matched: draft-nottingham-safe-hint-06.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.0.22 -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc rfcedstyle="yes"?>
<?rfc tocdepth="1"?>
<rfc ipr="trust200902" docName="draft-nottingham-safe-hint-06" category="std">
<front>
<title abbrev="Preference for Safe Browsing">The "safe" HTTP Preference</title>
<author initials="M." surname="Nottingham" fullname="Mark Nottingham">
<organization></organization>
<address>
<email>mnot@mnot.net</email>
<uri>http://www.mnot.net/</uri>
</address>
</author>
<date year="2015"/>
<area>General</area>
<keyword>safe</keyword> <keyword>preference</keyword> <keyword>child-protection</keyword>
<abstract>
<t>This specification defines a “safe” preference for HTTP requests, expressing a
desire to avoid “objectionable” content.</t>
</abstract>
</front>
<middle>
<section anchor="introduction" title="Introduction">
<t>Many Web sites have a “safe” mode, to assist those who don’t want to be exposed
(or have their children exposed) to “objectionable” content.</t>
<t>However, that goal is often difficult to achieve, because of the need to go to
each Web site in turn, navigate to the appropriate page (possibly creating an
account along the way) to get a cookie <xref target="RFC6265"/> set in the browser, for each
browser on every device used.</t>
<t>If this desire is proactively advertised by the user agent, things become much
simpler. A user agent that supports doing so (whether it be an individual
browser, or through an Operating System HTTP library) need only be configured
once to assure that the preference is advertised to a set of sites, or even all
sites.</t>
<t>This specification defines how to declare this desire in requests as a HTTP
Preference <xref target="RFC7240"/>.</t>
<t>Note that this specification does not precisely define what “safe” is; rather,
it is interpreted within the scope of each Web site that chooses to act upon
this information. Furthermore, sending “safe” does not guarantee that the
Web site will use it.</t>
<t>That said, the intent of “safe” is to allow end users (or those acting on their
behalf) to express a desire to avoid content that is considered “objectionable”
within the cultural context of that site; usually (but not always) content that
is unsuitable for minors. The “safe” preference ought not be used for other
purposes.</t>
<t>It is also important to note that the “safe” preference is not a reliable
indicator that the end user is a child; other users might have a desire for
unobjectionable content, and some children might browse without the preference
being set.</t>
<t>Simply put, it is a statement by (or on behalf of) the end user to the effect
“If your site has a ‘safe’ setting, this user is hereby opting into that,
according to your definition of the term.”</t>
<section anchor="notational-conventions" title="Notational Conventions">
<t>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this
document are to be interpreted as described in <xref target="RFC2119"/>.</t>
</section>
</section>
<section anchor="safe" title="The “safe” Preference">
<t>When present in a request, the “safe” preference indicates that the
content which is not objectionable is preferred, according to the server’s
definition of the concept. </t>
<t>For example, a request that includes the “safe” preference:</t>
<figure><artwork><![CDATA[
GET /foo.html HTTP/1.1
Host: www.example.org
User-Agent: ExampleBrowser/1.0
Prefer: safe
]]></artwork></figure>
<t>User agents SHOULD include the “safe” preference in all requests, to ensure
that the preference is available to the applicable resources. Note that the
resources which “safe” is sent to is potentially configurable; see <xref target="browsers"/>
for more information.</t>
<t>Additionally, other clients MAY insert it; e.g., an operating system might
choose to insert the preference in requests based upon system-wide
configuration.</t>
<t>Origin servers that utilize the “safe” preference ought to document that they do
so, along with the criteria that they use to denote objectionable content. If a
server has more fine-grained degrees of “safety”, it SHOULD select a reasonable
default to use, and document that; it MAY use additional mechanisms (e.g.,
cookies <xref target="RFC6265"/>) to fine-tune.</t>
<t>A response corresponding to the request above might have headers that look
like this:</t>
<figure><artwork><![CDATA[
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/html
Server: ExampleServer/2.0
Vary: Prefer
]]></artwork></figure>
<t>Note that the Vary response header needs to be sent if cacheable responses
associated with the resource might change depending on the value of the
“Prefer” header. This is not only true for those responses that are “safe”,
but also the default “unsafe” response.</t>
<t>See <xref target="RFC7234"/> Section 4.1 for more information the interaction between Vary
and Web caching.</t>
<t>See <xref target="servers"/> for additional advice specific to Web servers wishing to use
“safe”.</t>
</section>
<section anchor="implementation-status" title="Implementation Status">
<t><spanx style="emph">Note to RFC Editor: Please remove this section before publication.</spanx></t>
<t>This section records the status of known implementations of the protocol
defined by this specification at the time of posting of this Internet-Draft.
The description of implementations in this section is intended to assist the
IETF in its decision processes in progressing drafts to RFCs. Please note that
the listing of any individual implementation here does not imply endorsement by
the IETF. Furthermore, no effort has been spent to verify the information
presented here that was supplied by IETF contributors. This is not intended as,
and must not be construed to be, a catalog of available implementations or
their features. Readers are advised to note that other implementations may
exist.</t>
<t><list style="symbols">
<t>Microsoft Internet Explorer - see http://support.microsoft.com/kb/2980016</t>
<t>Microsoft Bing</t>
<t>Mozilla Firefox - see https://bugzilla.mozilla.org/show_bug.cgi?id=995070</t>
<t>Cisco - see http://blogs.cisco.com/security/filtering-explicit-content</t>
<t>YouTube - based upon testing the live site (not formally announced)</t>
</list></t>
</section>
<section anchor="security-considerations" title="Security Considerations">
<t>The “safe” preference is not a secure mechanism; it can be inserted or removed
by intermediaries with access to the request stream (e.g. for “http://” URLs).
Its presence reveals limited information about the user, which may be of small
assistance in “fingerprinting” the user.</t>
<t>By its nature, including “safe” in requests does not assure that all
content will actually be safe; it is only when servers elect to honor it that
content might be “safe”.</t>
<t>Even then, a malicious server might adapt content so that it is even less
“safe” (by some definition of the word). As such, this mechanism on its own is
not enough to assure that only “safe” content is seen; those who wish to
ensure that will need to combine its use with other techniques (e.g., content
filtering).</t>
<t>Furthermore, the server and user may have differing ideas regarding the
semantics of “safe.” As such, the “safety” of the user’s experience when
browsing from site to site might (and probably will) change. </t>
</section>
<section anchor="iana-considerations" title="IANA Considerations">
<t>This specification registers the “safe” preference <xref target="RFC7240"/>:</t>
<t><list style="symbols">
<t>Preference: safe</t>
<t>Value: (no value)</t>
<t>Description: Indicates that “safe” / “unobjectionable” content is preferred.</t>
<t>Reference: (this document)</t>
<t>Notes: </t>
</list></t>
</section>
</middle>
<back>
<references title='Normative References'>
<reference anchor='RFC2119'>
<front>
<title abbrev='RFC Key Words'>Key words for use in RFCs to Indicate Requirement Levels</title>
<author initials='S.' surname='Bradner' fullname='Scott Bradner'>
<organization>Harvard University</organization>
<address>
<postal>
<street>1350 Mass. Ave.</street>
<street>Cambridge</street>
<street>MA 02138</street></postal>
<phone>- +1 617 495 3864</phone>
<email>sob@harvard.edu</email></address></author>
<date year='1997' month='March' />
<area>General</area>
<keyword>keyword</keyword>
<abstract>
<t>
In many standards track documents several words are used to signify
the requirements in the specification. These words are often
capitalized. This document defines these words as they should be
interpreted in IETF documents. Authors who follow these guidelines
should incorporate this phrase near the beginning of their document:
<list>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
RFC 2119.
</t></list></t>
<t>
Note that the force of these words is modified by the requirement
level of the document in which they are used.
</t></abstract></front>
<seriesInfo name='BCP' value='14' />
<seriesInfo name='RFC' value='2119' />
<format type='TXT' octets='4723' target='http://www.rfc-editor.org/rfc/rfc2119.txt' />
<format type='HTML' octets='17970' target='http://xml.resource.org/public/rfc/html/rfc2119.html' />
<format type='XML' octets='5777' target='http://xml.resource.org/public/rfc/xml/rfc2119.xml' />
</reference>
<reference anchor='RFC7240'>
<front>
<title>Prefer Header for HTTP</title>
<author initials='J.' surname='Snell' fullname='J. Snell'>
<organization /></author>
<date year='2014' month='June' />
<abstract>
<t>This specification defines an HTTP header field that can be used by a client to request that certain behaviors be employed by a server while processing a request.</t></abstract></front>
<seriesInfo name='RFC' value='7240' />
<format type='TXT' octets='32796' target='http://www.rfc-editor.org/rfc/rfc7240.txt' />
</reference>
</references>
<references title='Informative References'>
<reference anchor='RFC6265'>
<front>
<title>HTTP State Management Mechanism</title>
<author initials='A.' surname='Barth' fullname='A. Barth'>
<organization /></author>
<date year='2011' month='April' />
<abstract>
<t>This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 2965. [STANDARDS-TRACK]</t></abstract></front>
<seriesInfo name='RFC' value='6265' />
<format type='TXT' octets='79724' target='http://www.rfc-editor.org/rfc/rfc6265.txt' />
</reference>
<reference anchor='RFC7234'>
<front>
<title>Hypertext Transfer Protocol (HTTP/1.1): Caching</title>
<author initials='R.' surname='Fielding' fullname='R. Fielding'>
<organization /></author>
<author initials='M.' surname='Nottingham' fullname='M. Nottingham'>
<organization /></author>
<author initials='J.' surname='Reschke' fullname='J. Reschke'>
<organization /></author>
<date year='2014' month='June' />
<abstract>
<t>The Hypertext Transfer Protocol (HTTP) is a stateless \%application- level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages.</t></abstract></front>
<seriesInfo name='RFC' value='7234' />
<format type='TXT' octets='90647' target='http://www.rfc-editor.org/rfc/rfc7234.txt' />
</reference>
</references>
<section anchor="acknowledgements" title="Acknowledgements">
<t>Thanks to Alissa Cooper, Ilya Grigorik, Emma Llanso, Jeff Hughes, Lorrie
Cranor, Doug Turner and Dave Crocker for their comments.</t>
</section>
<section anchor="browsers" title="Setting “safe” from Web Browsers">
<t>As discussed in <xref target="safe"/>, there are many possible ways for the “safe”
preference to be generated. One possibility is for a Web browser to allow its
users to configure the preference to be sent.</t>
<t>When doing so, it is important not to misrepresent the preference as binding to
Web sites. For example, an appropriate setting might be a checkbox with wording
such as:</t>
<figure><artwork><![CDATA[
[] Request "safe" content from Web sites
]]></artwork></figure>
<t>… along with further information available upon request (e.g., from a “help”
system).</t>
<t>Browsers might also allow the “safe” preference to be “locked” – that is,
prevent modification without administrative access, or a passcode.</t>
<t>Note that this specification does not constrain browsers to send “safe” on all
requests, although that is one possible implementation; e.g., an alternate
implementation strategy would be to allow a blacklist (of sites that “safe” is
not sent to).</t>
</section>
<section anchor="servers" title="Supporting “safe” on Web Sites">
<t>Web sites that allow configuration of a “safe” mode (for example, using a
cookie) can add support for the “safe” preference incrementally; since the
preference will not be supported by all clients immediately, it is necessary to
have another way to configure it.</t>
<t>When honoring the safe preference, it is important that it not be possible to
disable it through the Web site’s interface, since “safe” may be configured and
locked down by the browser’s administrator (e.g., a parent). If the site has
configuration (e.g., stored user preferences) and the safe preference is
received in a request, the “safer” interpretation is always used.</t>
<t>If the user expresses a wish to disable “safe” mode, the site should remind
them that the safe preference is being sent, and ask them to consult their
administrator (since “safe” might be set by a locked-down Operating System
configuration).</t>
<t>As explained in <xref target="safe"/>, responses that change based upon the presence of the
“safe” preference need to either carry the “Vary: Prefer” response header
field, or be uncacheable by shared caches (e.g., with a “Cache-Control:
private” response header field). This is to avoid an unsafe cached response
being served to a client that prefers safe content (or vice versa).</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 15:35:30 |