There’s currently no good way to determine whether or not a browser / environment supports GZIP-deflated content entirely from the front-end. Servers can interrogate the Accept-Encoding header when they receive the request, but client-side JavaScript cannot see this value at all.
This is important when using a CDN that doesn’t facilitate selection of appropriately deflated content (e.g. AWS CloudFront). I’ve had projects where the initial HTML content is dynamically generated only so that the server can pass the Accept-Encoding header back to the client. That way, the client can adjust the other URLs it uses to pick pre-GZIPed files, e.g. blah.js.gz instead of blah.js all the time.
I was initially thinking that navigator.acceptEncoding could just be specified to contain the default outgoing value of this header, but it occurred to me that there are probably other headers where this is handy.
Should this be a function such as XMLHttpRequest.getDefaultRequestHeaders()?
Should all such headers just dangle from the navigator object as in my previous example?
I’d want the acceptable encoding / formats to be readable from navigator, especially since I might care about it in a scenario where I’m not touching XHR (for instance, populating <img>src attributes).
Heck, it would be nice for the other Accept header(s) to be queryable directly off navigator: this way I could read if the browser supports webm, or mng, or whatever image formats too. (Of course, fields like navigator.acceptLanguage are another fingerprinting vector, but they’re already a vector via XHR: it’s not like making clients unable to do it themselves is going to make users safer.)
Some of those headers vary based on context so navigator seems unsuitable. However, navigator.acceptEncoding makes sense. I recommend emailing the WHATWG list for that one. Is there a browser that does not support gzip though? Might be a baseline requirement these days.
Would you be willing to email the WHATWG list about the acceptEncoding property to avoid having to do such tests on the initial fetch and rewriting the response accordingly?
Also, this is obvious but somebody should say it: exposing headers to a request, if doing so for actual requests (and not just querying content support), MUST NOT expose things like Cookie.