Spec states that the value of the nextHopProtocol can be different depending on use of a proxy:
When a proxy is configured, if a tunnel connection is established then this attribute MUST return the ALPN Protocol ID of the tunneled protocol, otherwise it MUST return the ALPN Protocol ID of the first hop to the proxy.
This suggests that a website, having knowledge about the resources being loaded and expected nextHopProtocol values, can detect visitors using a proxy. This could be abused to enforce geo-restrictions and prosecute (in certain parts of the world) users using proxy software.
Since user agent may be unable to determine the safe value of the nextHopProtocol when connection is tunneled, we suggest that this property is dropped.
Spec states that the value of the nextHopProtocol can be different depending on use of a proxy:
This suggests that a website, having knowledge about the resources being loaded and expected nextHopProtocol values, can detect visitors using a proxy. This could be abused to enforce geo-restrictions and prosecute (in certain parts of the world) users using proxy software.
Since user agent may be unable to determine the safe value of the nextHopProtocol when connection is tunneled, we suggest that this property is dropped.