Before we get started there are some terms which are going to appear over-and-over again which you need to understand enough about to be able to follow the discussion. We are going to cover those here. This is not a post you have to read. I am noting it here as a post so you know it is there for you to reference as needed. This will be a living document, so you can always check back in if you see a new term that I haven’t explained before to see if I define it here. Alternately, please use the comments section below to ask me to define terms here that you would find useful.
Navigable (formal definition)
A navigable presents a document to the user via its active session history entry.
Traversable Navigable (formal definition)
A traversable navigable is a navigable that also controls which session history entry should be the current session history entry and active session history entry for itself and its descendant navigables.
Origin
An origin is defined by a scheme (such as HTTPS), a hostname, and a port. For example, https://example.com and https://example.com/app/index.html belong to the same origin because they have the same scheme (https), hostname (example.com), and default port. This can also be referred to as a “scheme/host/port tuple”.
The table in Figure 1 below was taken from the Mozilla Documentation on same-origin policy (we’ll get to that in a moment). It provides examples of what is or is not the “same origin.”
Figure 1 - Examples of URLs and Whether They Represent the Same Origin
Origins are the fundamental unit of the web's security model. Two elements in a web platform that share an origin are assumed to trust each other and to have the same authority. Elements with differing origins are by default assumed to be potentially hostile actors, and are isolated from each other to varying degrees. The Privacy Sandbox is particularly concerned about cross-origin data being used to re-identify a specific user agent through techniques like browser fingerprinting.
Opaque Origin
An opaque origin is a fairly technical concept for a blog dedicated to semi-technical ad tech readers. But it is something you are going to have to know when we get into cross-origin site access. Browsers usually treat the origin of files loaded from a folder on the hard drive (using a file:/// scheme) as being from a different origin from the website that makes the call. These secondary calls are called opaque origins because they contain a “null” instead of a specific URL when a call is made to them.
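To make the scheme/host/port tuple and the opaque "null" case concrete, here is an added example (not taken from the Mozilla documentation or any Privacy Sandbox code) that compares origins with the standard URL API. The function names and all URLs are constructed for illustration.

```javascript
// Added illustration: same-origin comparison as a scheme/host/port tuple.
// originTuple and sameOrigin are hypothetical helper names.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol.replace(/:$/, ''),
    host: u.hostname,
    // The URL parser drops a port that matches the scheme default,
    // so fill it back in to show the full tuple.
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
    // Opaque origins (file:, data:, ...) serialize as the string "null".
    opaque: u.origin === 'null',
  };
}

function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  // Comparing the serialized strings would treat "null" === "null" as a
  // match. An opaque origin never matches another URL's origin.
  if (x.opaque || y.opaque) return false;
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed sample pairs.
const samples = [
  ['https://example.com', 'https://example.com/app/index.html'],
  ['https://example.com:443/a', 'https://example.com/b'],
  ['http://example.com', 'https://example.com'],
  ['https://example.com', 'https://www.example.com'],
  ['https://example.com', 'https://example.com:8443'],
  ['file:///home/user/a.html', 'file:///home/user/b.html'],
];
for (const [a, b] of samples) {
  console.log(sameOrigin(a, b) ? 'same     ' : 'different', a, '|', b);
}
```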
Partition
A partition is a way to isolate resources, data, or functionalities within a larger system like a web browser.
postMessage()
postMessage() is a JavaScript function that sends data locally between the Window objects and does not generate an HTTP request to send data. It allows cross-origin communication between different window objects on a web page. postMessage() will become very important as we get into the internals of the Privacy Sandbox.
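Because the message can come from any origin, the receiving window has to decide which senders it trusts. The following is an added example, not code from this blog or from the Privacy Sandbox. The allowlisted origin, the message shape, and the handler names are assumptions made for illustration.

```javascript
// Added illustration: a "message" event receiver that checks the sender's
// origin before acting on the data. All names and origins are hypothetical.
const TRUSTED_ORIGINS = new Set(['https://publisher.example']);

// One validator per message type the receiver is willing to act on.
const VALIDATORS = {
  resize: (d) => Number.isInteger(d.height) && d.height > 0 && d.height <= 2000,
};

function handleMessage(event) {
  // event.origin is filled in by the browser, not by the sender.
  // A sender with an opaque origin shows up here as the string "null".
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return { accepted: false, reason: 'untrusted origin' };
  }
  const data = event.data;
  const known =
    typeof data === 'object' && data !== null &&
    Object.prototype.hasOwnProperty.call(VALIDATORS, data.type);
  if (!known) {
    return { accepted: false, reason: 'unknown message type' };
  }
  if (!VALIDATORS[data.type](data)) {
    return { accepted: false, reason: 'invalid fields' };
  }
  return { accepted: true, type: data.type };
}

// In a browser the receiver is wired up like this. The sender names the
// origin it expects to receive the message instead of using "*":
//   frame.contentWindow.postMessage({ type: 'resize', height: 250 },
//                                   'https://widget.example');
if (typeof window !== 'undefined') {
  window.addEventListener('message', (e) => console.log(handleMessage(e)));
}
```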
Top-Level Domain (TLD)
The highest level in the hierarchical domain name system (DNS) of the internet. Examples include ".com", ".org", ".net", and country-specific codes like ".uk" or ".jp". In a URL, the top-level domain is the root of the URL (e.g. www.example.com).
Web Page
A document which can be displayed in a web browser such as Arc, Brave, Firefox, Google Chrome, Opera, Microsoft Edge, or Apple Safari. These are also often called just "pages."
(Web)Site
A collection of web pages which are grouped together and usually connected together in various ways. Often called a "website" or a "site."
(Web) Server
A computer that hosts a website on the Internet.
User Agent
So this definition gets a bit muddy when we distinguish between its formal and informal use. The formal definition of a user agent is a computer program representing a person, for example, a browser in a Web context. You will often see it used as a broad term in specifications, Github repository documentation, and in issues/related conversations to represent not just a browser, but a mobile device, a mobile app, or any user-based device that runs HTML - perhaps an HTML-based app in a CTV environment or a car dashboard.
Besides a browser, a user agent could be a bot that scrapes webpages, a download manager, or another app accessing the Web. But you don’t often see it used that way in general.
User Agent Header
A user agent request header (or in common parlance, the user agent header) is a string that allows servers and network peers to recognize the application, operating system, vendor, and/or version of the requesting user agent. This is important so that the server returns code that will be correctly formatted for the specific hardware/operating system/browser combination making the request. The common format is this:
User-Agent: Mozilla/5.0 (<system-information>) <platform> (<platform-details>) <extensions>
And a real-world example is this:
Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefoxversion
It is well-nigh impossible to figure out just by looking at an uninterpreted user-agent header which specific combination of browser, operating system, vendor, and version is represented. Thus there are services like what is my browser which will convert the gobbledygook above to something a real human can comprehend. Figure 2 shows the conversion of my browser string:
Figure 2: Example of a Converted User Agent Header