JavaScript Preflight Injection

Editor's Draft August 30, 2013

This version:
Latest version:
Latest Editor's Draft:
Alois Reitbauer, Compuware Corp., <>


This specification defines an HTTP-based loading mechanism for JavaScript monitoring code which leverages other performance APIs (like Resource Timing).

Status of this document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at

This is a work in progress and may change without any notices.

Please send comments to (archived) with [JSPreflight] at the start of the subject line.

This document is produced by the Web Performance Working Group. The Web Performance Working Group is part of the Rich Web Clients Activity in the W3C Interaction Domain.

Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

Table of Contents

  1. 1 Introduction
  2. 2 Conformance requirements
  3. 3 Terminology
  4. 4 JavaScript Preflight Injection
    1. 4.1 Introduction
    2. 4.2 Executing Preflight Scripts
    3. 4.3 Vendor Prefixes
    4. 4.4 Processing Model
  5. 5 Privacy and Security
  6. 6 References

1 Introduction

This section is non-normative.

Performance data collection is well supported by Navigation Timing, Resource Timng and Navigation Error Logging. The collection, processing of the data as well as the data transfer to a monitoring server is left to application owners. The currently used approach is to add a script to the page which then takes care of the above tasks as shown below.

For example, an HTML page that wants to load a JavaScript file which processes and sends Performance Timeline data will be integrated into a page using a JavaScript tag in the head section of the page.

          <script type="text/javascript" src="./monitoring.js" ></script>
While this approach works in simple cases it is rather limited and may even result in errors.

To address the need for a better mechanism to add analytics logic to web pages the Javascript Preflight Injection specification defines a standardized and reliable approach to load JavaScript for analytics purposes without impacting the loading of the actual web page.

2 Conformance requirements

All diagrams, examples, and notes in this specification are non-normative, as are all sections explicitly marked non-normative. Everything else in this specification is normative.

The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in the normative parts of this document are to be interpreted as described in RFC 2119. For readability, these words do not appear in all uppercase letters in this specification.

Requirements phrased in the imperative as part of algorithms (such as "strip any leading space characters" or "return false and abort these steps") are to be interpreted with the meaning of the key word ("must", "should", "may", etc) used in introducing the algorithm.

Some conformance requirements are phrased as requirements on attributes, methods or objects. Such requirements are to be interpreted as requirements on user agents.

Conformance requirements phrased as algorithms or specific steps may be implemented in any manner, so long as the end result is equivalent. (In particular, the algorithms defined in this specification are intended to be easy to follow, and not intended to be performant.)

The IDL fragments in this specification must be interpreted as required for conforming IDL fragments, as described in the Web IDL specification. [Web IDL]

3 Terminology

The construction "a Foo object", where Foo is actually an interface, is sometimes used instead of the more accurate "an object implementing the interface Foo".

The term "navigation" refers to the act of navigating.

The term "JavaScript" is used to refer to ECMA-262, rather than the official term ECMAScript, since the term JavaScript is more widely known.

4 JavaScript Preflight Injection

4.1 Introduction

This section is non-normative.

This specification defines the main steps involved in JavaScript Preflight Injection. The mechanism is heavily based on the behaviour of cookies.

Capability Communication

The first interaction between browser and server is part of the HTTP request. The browser has to communicate that it supports PreFlight Injection.

The Accept-Preflight header is set indicating that the browser supports preflight JavaScript injection.

        GET /index.html HTTP/1.1
        Accept-Preflight: true

Setting Preflight Injection

The server sets a preflight JavaScript Cookie for the domain

        HTTP/1.1 200 OK
        Date: Thu, 24 Jan 2013 05:46:54 GMT
        Content-Length: 2291
        Content-Type: text/html
        Set-Preflight-Cookie: /monitoring.js;;path=/;max-age=250000

Communicating current Preflight settings

The Preflight Cookie header is sent back to indicate that the browser has set a preflight JavaScript file.

        GET /index.html HTTP/1.1
        Preflight-Cookie: /monitoring.js

Clearing Preflight Injection

The Set-PreflightCookie: is set to remove a script from preflight injection.

        GET /index.html HTTP/1.1
        Set-Preflight-Cookie: /monitoring.js;delete

4.2 Executing Preflight Scripts

Preflight scripts are executed when the document object is created or when the page load has failed and a Navigation Error has been created.

4.3 Vendor Prefixes

Vendor-specific proprietary user agent extensions are discouraged. If such extensions are needed, e.g., for experimental purposes, vendors MUST use the following extension mechanisms:

4.4 Processing Model

This section is non-normative.

  1. When the browser receives a new document it checks for the JavaScript Preflight header.
  2. If the browser finds a Preflight header or has a Preflight Coookie set for the documents domain it starts downloading it immediately.
  3. If the preflight JavaScript is cached, it takes it from the cache. Otherwise it downloads it like a normal resource.
  4. If the document fails to load (e.g. due to a DNS error) the script gets executed as soon as it is available.
  5. If the document loads successfully the script is executed as soons as the document object is constructed
  6. If the Preflight scirpt takes longer to load, the browser waits with all other JavaScript execution until the Preflight script is executed

Note: Possibly we need a flag where a preflight script can specify an async attribute indicating it does not need to be executed before any JavaScript on the page.

6 Privacy and Security

This section is non-normative.

This specification utilizes current standard building blocks of web communication - specifically the HTTP Cookie mechanism. This implies that no additional security and pricacy threats are introduced.

8 References

8.1 Normative References

[IETF RFC 2119]
Key words for use in RFCs to Indicate Requirement Levels, Scott Bradner, Author. Internet Engineering Task Force, March 1997. Available at
[IETF RFC 2616]
Hypertext Transfer Protocol -- HTTP/1.1, R. Fielding et al., Authors. Internet Engineering Task Force, June 1999. Available at
[IETF RFC 6454]
The Web Origin Concept, Adam Barth, Author. Internet Engineering Task Force, December 2011. Available at
ECMAScript Language Specification, 5.1 Edition. ECMA International, Standard ECMA-262, June 2011. This version of the ECMAScript Language is available from
HTML5, Robin Berjon et al., Editors. World Wide Web Consortium, December 2012. This version of the HTML5 is available from The latest editor's draft of HTML5 is available at
[Web IDL]
Web IDL, Cameron McCormack, Editor. World Wide Web Consortium, April 2012. This version of the Web IDL specification is available from The latest version of Web IDL is available at
[High Resolution Time]
High Resolution Time, Jatinder Mann, Editor. World Wide Web Consortium, December 2012. This version of the High Resolution Time Recommendation is available from The latest version of High Resolution Time is available at
[Performance Timeline]
Performance Timeline, Jatinder Mann, et al, Editors. World Wide Web Consortium, July 2012. This version of the Performance Timeline specification is available from The latest version of Performance Timeline is available at
[Navigation Timing]
Navigation Timing, Zhiheng Wang, Editor. World Wide Web Consortium, December 2012. This edition of the Navigation Timing Recommendation is available from The latest version of Navigation Timing is available at