1. Introduction
This section is non-normative
This specification describes how web browsers can provide a mechanism to the web that supports measuring and attributing conversions (e.g. purchases) to ads a user interacted with on another site. This mechanism should remove one need for cross-site identifiers like third-party cookies.
1.1. Overview
Pages/embedded sites are given the ability to register attribution sources and attribution triggers , which can be linked by the User Agent to generate and send attribution reports containing information from both of those events.
A
reporter
https://reporter.example
embedded
on
https://source.example
is
able
to
measure
whether
an
iteraction
on
the
page
lead
to
an
action
on
https://destination.example
by
registering
an
attribution
source
with
attribution
destinations
of
«
https://destination.example
».
Reporters
are
able
to
register
sources
through
a
variety
of
surfaces,
but
ultimately
the
reporter
is
required
to
provide
the
User
Agent
with
an
HTTP-response
header
which
allows
the
source
to
be
eligible
for
attribution.
At
a
later
point
in
time,
the
reporter,
now
embedded
on
https://destination.example
,
may
register
an
attribution
trigger
.
Reporters
can
register
triggers
by
sending
an
HTTP-response
header
containing
information
about
the
action/event
that
occurred.
Internally,
the
User
Agent
attempts
to
match
the
trigger
to
previously
registered
source
events
based
on
where
the
sources/triggers
were
registered
and
configurations
provided
by
the
reporter.
If the User Agent is able to attribute the trigger to a source, it will generate and send an attribution report to the reporter via an HTTP POST request at a later point in time.
2. HTML monkeypatches
2.1. API for elements
interface mixin { [
HTMLAttributionSrcElementUtils CEReactions ,SecureContext ]attribute USVString ; };
attributionSrc HTMLAnchorElement includes HTMLAttributionSrcElementUtils ;HTMLImageElement includes HTMLAttributionSrcElementUtils ;HTMLScriptElement includes HTMLAttributionSrcElementUtils ;
Add the following content attributes :
-
a
-
attributionsrc
- URL for attribution registration -
img
-
attributionsrc
- URL for attribution registration -
script
-
attributionsrc
- URL for attribution registration
Add the following content attribute descriptions:
-
a
-
The
attributionsrc
attribute is a string representing the URL of the resource that will register an attribution source when thea
is navigated. -
img
-
The
attributionsrc
attribute is a string representing the URL of the resource that will register an attribution source or attribution trigger when set. -
script
-
The
attributionsrc
attribute is a string representing the URL of the resource that will register an attribution source or attribution trigger when set.
The
IDL
attribute
attributionSrc
must
reflect
the
respective
content
attribute
of
the
same
name.
To
make
background
attributionsrc
requests
given
an
HTMLAttributionSrcElementUtils
element
and
an
eligibility
eligibility
:
-
Let attributionSrc be element ’s
attributionSrc
. -
Let tokens be the result of splitting attributionSrc on ASCII whitespace.
-
For each token of tokens :
-
Parse token , relative to element ’s node document . If that is not successful, continue . Otherwise, let url be the resulting URL record .
-
Run make a background attributionsrc request with url , contextOrigin , eligibility , and element ’s node document .
-
Consider allowing the user agent to limit the size of tokens .
Whenever
an
img
or
a
script
element
is
created
or
element
’s
attributionSrc
attribute
is
set
or
changed,
run
make
background
attributionsrc
requests
with
element
and
"
event-source-or-trigger
".
Monkeypatch
img
and
script
loading
so
that
the
presence
of
an
attributionSrc
attribute
sets
the
src
or
src
request’s
Attribution
Reporting
eligibility
to
"
event-source-or-trigger
".
Modify follow the hyperlink as follows:
After the step
If subject ’s link types includes...
add the steps
-
Let navigationSourceEligible be false.
-
If subject has an
attributionsrc
attribute:-
Set navigationSourceEligible to true.
-
Make background attributionsrc requests with subject and "
navigation-source
".
-
Add "and navigationSourceEligible set to navigationSourceEligible " to the step
Navigate targetNavigable ...
2.2. Window open steps
Modify the tokenize the features argument as follows:
Replace the step
Collect a sequence of code points that are not feature separators code points from features given position . Set value to the collected code points, converted to ASCII lowercase .
with
Collect a sequence of code points that are not feature separators code points from features given position . Set value to the collected code points, converted to ASCII lowercase . Set originalCaseValue to the collected code points.
Replace the step
If name is not the empty string, then set tokenizedFeatures [ name ] to value .
with the steps
-
If name is not the empty string:
Modify the window open steps as follows:
After the step
Let tokenizedFeatures be the result of tokenizing features .
add the steps
-
Let navigationSourceEligible be false.
-
If tokenizedFeatures ["
attributionsrc
"] exists :-
Set navigationSourceEligible to true.
-
Set attributionSrcUrls to a new list .
-
For each value of tokenizedFeatures ["
attributionsrc
"]:-
If value is the empty string, continue .
-
Let decodedSrcBytes be the result of percent-decoding value .
-
Let decodedSrc be the UTF-8 decode without BOM of decodedSrcBytes .
-
Parse decodedSrc relative to the entry settings object , and set urlRecord to the resulting URL record , if any. If parsing failed, continue .
-
Append urlRecord to attributionSrcUrls .
-
Use attributionSrcUrls with make a background attributionsrc request .
In each step that calls navigate , set navigationSourceEligible to navigationSourceEligible .
3. Navigation monkeypatches
Add the following item to navigation params :
- navigationSourceEligible
-
A boolean indicating whether the navigation can register a navigation source in its response. Defaults to false.
Modify navigate as follows:
Add an optional boolean parameter called navigationSourceEligible , defaulting to false.
In the step
Set navigationParams to a new navigation params with...
add the property
- navigationSourceEligible
-
navigationSourceEligible
Use/propagate navigationSourceEligible to the navigation request 's Attribution Reporting eligibility .
4. Network monkeypatches
dictionary {
AttributionReportingRequestOptions required boolean ;
eventSourceEligible required boolean ; };
triggerEligible partial dictionary RequestInit {AttributionReportingRequestOptions ; };
attributionReporting partial interface XMLHttpRequest { [SecureContext ]undefined (
setAttributionReporting AttributionReportingRequestOptions ); };
options
A
request
has
an
associated
Attribution
Reporting
eligibility
(an
eligibility
).
Unless
otherwise
stated
it
is
"
unset
".
To
get
an
eligibility
from
AttributionReportingRequestOptions
given
an
optional
AttributionReportingRequestOptions
options
:
-
If options is null, return "
unset
". -
Let eventSourceEligible be options ’s
eventSourceEligible
. -
Let triggerEligible be options ’s
triggerEligible
. -
If ( eventSourceEligible , triggerEligible ) is:
- (false, false)
-
Return "
empty
". - (false, true)
-
Return "
trigger
". - (true, false)
-
Return "
event-source
". - (true, true)
-
Return "
event-source-or-trigger
".
"
Attribution-Reporting-Eligible
"
is
a
Dictionary
Structured
Header
set
on
a
request
that
indicates
which
registrations,
if
any,
are
allowed
on
the
corresponding
response
.
Its
values
are
not
specified
and
its
allowed
keys
are:
-
"
event-source
" -
"
navigation-source
" -
A navigation source may be registered.
-
"
trigger
" -
A trigger may be registered.
To set Attribution Reporting headers given a header list headers and an eligibility eligibility :
-
Delete "
Attribution-Reporting-Eligible
" from headers . -
Delete "
Attribution-Reporting-Support
" from headers . -
If eligibility is "
unset
", return. -
Let dict be an ordered map .
-
If eligibility is:
-
"
empty
" -
Do nothing.
-
"
event-source
" -
Set dict ["
event-source
"] to true. -
"
navigation-source
" -
Set dict ["
navigation-source
"] to true. -
"
trigger
" -
"
event-source-or-trigger
" -
Set dict ["
event-source
"] to true and set dict ["trigger
"] to true.
-
"
-
Set a structured field value given ("
Attribution-Reporting-Eligible
", dict ) in headers . -
Set an OS-support header in headers .
4.1. Fetch monkeypatches
Modify fetch as follows:
After the step
If request ’s header list does not contain
Accept
...
add the step
-
Set Attribution Reporting headers with request ’s header list and request ’s Attribution Reporting eligibility .
Modify
Request(input,
init)
as
follows:
In the step
Set request to a new request with the following properties:
add the property
- Attribution Reporting eligibility
-
request ’s Attribution Reporting eligibility .
After the step
If init ["
priority
"] exists , then:
add the step
-
If init ["
attributionReporting
"] exists , then set request ’s Attribution Reporting eligibility to the result of get an eligibility from AttributionReportingRequestOptions with it.
4.2. XMLHttpRequest monkeypatches
An
XMLHttpRequest
object
has
an
associated
Attribution
Reporting
eligibility
(an
eligibility
).
Unless
otherwise
stated
it
is
"
unset
".
The
setAttributionReporting(options)
method
must
run
these
steps:
-
If this ’s state is not opened , then throw an "
InvalidStateError
"DOMException
. -
If this ’s
send()
flag is set, then throw an "InvalidStateError
"DOMException
. -
Set this ’s Attribution Reporting eligibility to the result of get an eligibility from AttributionReportingRequestOptions with options .
Modify
send(body)
as
follows:
After the step:
Let req be a new request , initialized as follows...
Add the step:
-
Set Attribution Reporting headers with req ’s header list and this ’s Attribution Reporting eligibility .
5. Permissions Policy integration
This
specification
defines
a
policy-controlled
feature
identified
by
the
string
"
attribution-reporting
".
Its
default
allowlist
is
*
.
6. Clear Site Data integration
In clear DOM-accessible storage for origin , add the following step:
Run clear site data with origin .
To clear site data given an origin origin :
-
For each attribution source source of the attribution source cache :
-
If source ’s reporting origin and origin are same origin , remove source from the attribution source cache .
-
-
For each event-level report report of the event-level report cache :
-
If report ’s reporting origin and origin are same origin , remove report from the event-level report cache .
-
-
For each aggregatable report report of the aggregatable report cache :
-
If report ’s reporting origin and origin are same origin , remove report from the aggregatable report cache .
-
Note: We deliberately do not remove matching entries from the attribution rate-limit cache , as doing so would allow a site to reset and therefore exceed the intended rate limits at will.
7. Structures
7.1. Trigger state
A trigger state is a struct with the following items:
- trigger data
-
A non-negative 64-bit integer.
- report window
-
A non-negative integer.
7.2. Randomized response output configuration
A randomized response output configuration is a struct with the following items:
- max attributions per source
-
A positive integer.
- trigger data cardinality
-
A positive integer.
- num report windows
-
A positive integer.
7.3. Randomized source response
A randomized source response is null or a set of trigger states .
7.4. Attribution filtering
A filter value is an ordered set of strings .
A filter map is an ordered map whose keys are strings and whose values are filter values .
7.5. Suitable origin
A suitable origin is an origin that is suitable .
7.6. Source type
A source type is one of the following:
-
"
navigation
" -
The source was associated with a top-level navigation.
-
"
event
" -
The source was not associated with a top-level navigation.
7.7. Attribution source
An attribution source is a struct with the following items:
- source identifier
-
A string .
- source origin
-
A suitable origin .
- event ID
-
A non-negative 64-bit integer.
- attribution destinations
-
An ordered set of sites .
- reporting origin
-
A suitable origin .
- source type
-
A source type .
- expiry
-
A duration .
- event report window
-
A duration .
- aggregatable report window
-
A duration .
- priority
-
A 64-bit integer.
- source time
-
A moment .
- number of event-level reports
-
Number of event-level reports created for this attribution source .
- event-level attributable (default true)
-
A boolean .
- dedup keys
-
ordered set of dedup keys associated with this attribution source .
- randomized response
- randomized trigger rate
-
A number between 0 and 1 (both inclusive).
- filter data
-
A filter map .
- debug key
-
Null or a non-negative 64-bit integer.
- aggregation keys
-
An ordered map whose keys are strings and whose values are non-negative 128-bit integers.
- aggregatable budget consumed
-
A non-negative integer, total value of all aggregatable contributions created with this attribution source .
- aggregatable dedup keys
-
ordered set of aggregatable dedup key values associated with this attribution source .
- debug reporting enabled
-
A boolean .
- number of aggregatable reports
-
Number of aggregatable reports created for this attribution source .
An attribution source source ’s expiry time is source ’s source time + source ’s expiry .
An attribution source source ’s event report window time is source ’s source time + source ’s event report window .
An attribution source source ’s aggregatable report window time is source ’s source time + source ’s aggregatable report window .
An attribution source source ’s source site is the result of obtaining a site from source ’s source origin .
7.8. Aggregatable trigger data
An aggregatable trigger data is a struct with the following items:
- key piece
-
A non-negative 128-bit integer.
- source keys
-
An ordered set of strings .
- filters
-
A list of filter maps .
- negated filters
-
A list of filter maps .
7.9. Aggregatable dedup key
An aggregatable dedup key is a struct with the following items:
- dedup key
-
Null or a non-negative 64-bit integer.
- filters
-
A filter map .
- negated filters
-
A filter map .
7.10. Event-level trigger configuration
An event-level trigger configuration is a struct with the following items:
- trigger data
-
A non-negative 64-bit integer.
- dedup key
-
Null or a non-negative 64-bit integer.
- priority
-
A 64-bit integer.
- filters
-
A list of filter maps .
- negated filters
-
A list of filter maps .
7.11. Aggregation coordinator
An aggregation coordinator is one of a user-agent-determined set of strings that specifies which aggregation service deployment to use.
7.12. Aggregatable source registration time configuration
An aggregatable source registration time configuration is one of the following:
-
"
exclude
" -
"
source_registration_time
" is excluded from an aggregatable report 's shared info . -
"
include
" -
"
source_registration_time
" is included in an aggregatable report 's shared info .
7.13. Attribution trigger
An attribution trigger is a struct with the following items:
- attribution destination
-
A site .
- trigger time
-
A moment .
- reporting origin
-
A suitable origin .
- filters
-
A list of filter maps .
- negated filters
-
A list of filter maps .
- debug key
-
Null or a non-negative 64-bit integer.
- event-level trigger configurations
- aggregatable trigger data
-
A list of aggregatable trigger data .
- aggregatable values
-
An ordered map whose keys are strings and whose values are non-negative 32-bit integers.
- aggregatable dedup keys
-
A list of aggregatable dedup key .
- serialized private state tokens
-
A list of byte sequence .
- debug reporting enabled
-
A boolean .
- aggregation coordinator
- aggregatable source registration time configuration
7.14. Attribution report
An attribution report is a struct with the following items:
- reporting origin
-
A suitable origin .
- report time
-
A moment .
- original report time
-
A moment .
- delivered (default false)
-
A boolean .
- report ID
-
A string .
- source debug key
-
Null or a non-negative 64-bit integer.
- trigger debug key
-
Null or a non-negative 64-bit integer.
7.15. Event-level report
An event-level report is an attribution report with the following additional items:
- event ID
-
A non-negative 64-bit integer.
- source type
-
A source type .
- trigger data
-
A non-negative 64-bit integer.
- randomized trigger rate
-
A number between 0 and 1 (both inclusive).
- trigger priority
-
A 64-bit integer.
- trigger time
-
A moment .
- source identifier
-
A string.
- attribution destinations
-
An ordered set of sites .
7.16. Aggregatable contribution
An aggregatable contribution is a struct with the following items:
- key
-
A non-negative 128-bit integer.
- value
-
A non-negative 32-bit integer.
7.17. Aggregatable report
An aggregatable report is an attribution report with the following additional items:
- source time
-
A moment .
- contributions
-
A list of aggregatable contributions .
- effective attribution destination
-
A site .
- serialized private state token
-
A byte sequence .
- aggregation coordinator
- source registration time configuration
- is null report (default false)
-
A boolean .
7.18. Attribution rate-limits
A rate-limit scope is one of the following:
-
"
source
" -
"
attribution
"
An attribution rate-limit record is a struct with the following items:
- scope
-
A rate-limit scope .
- source site
-
A site .
- attribution destination
-
A site .
- reporting origin
-
A suitable origin .
- time
-
A moment .
- expiry time
-
Null or a moment .
7.19. Attribution debug data
A debug data type is a non-empty string that specifies the set of data that is contained in the body of an attribution debug data .
A source debug data type is a debug data type for source registrations. Possible values are:
-
"
source-destination-limit
" -
"
source-noised
" -
"
source-storage-limit
" -
"
source-success
" -
"
source-unknown-error
"
A trigger debug data type is a debug data type for trigger registrations. Possible values are:
-
"
trigger-aggregate-deduplicated
" -
"
trigger-aggregate-excessive-reports
" -
"
trigger-aggregate-no-contributions
" -
"
trigger-aggregate-insufficient-budget
" -
"
trigger-aggregate-storage-limit
" -
"
trigger-aggregate-report-window-passed
" -
"
trigger-attributions-per-source-destination-limit
" -
"
trigger-event-deduplicated
" -
"
trigger-event-excessive-reports
" -
"
trigger-event-low-priority
" -
"
trigger-event-no-matching-configurations
" -
"
trigger-event-noise
" -
"
trigger-event-report-window-passed
" -
"
trigger-event-storage-limit
" -
"
trigger-no-matching-source
" -
"
trigger-no-matching-filter-data
" -
"
trigger-reporting-origin-limit
" -
"
trigger-unknown-error
"
An attribution debug data is a struct with the following items:
- data type
-
A debug data type .
- body
7.20. Attribution debug report
An attribution debug report is a struct with the following items:
- data
-
A list of attribution debug data .
- reporting origin
-
A suitable origin .
7.21. Triggering result
A triggering status is one of the following:
-
"
dropped
" -
"
noised
" -
"
attributed
"
Note:
"
noised
"
only
applies
for
triggering
event-level
attribution
when
it
is
attributed
successfully
but
dropped
as
the
noise
was
applied
to
the
source.
A triggering result is a tuple with the following items:
- status
- debug data
-
Null or an attribution debug data .
8. Storage
A user agent holds an attribution source cache , which is an ordered set of attribution sources .
A user agent holds an event-level report cache , which is an ordered set of event-level reports .
A user agent holds an aggregatable report cache , which is an ordered set of aggregatable reports .
A user agent holds an attribution rate-limit cache , which is an ordered set of attribution rate-limit records .
The above caches are collectively known as the attribution caches . The attribution caches are shared among all environment settings objects .
Note: This would ideally use storage bottles to provide access to the attribution caches. However attribution data is inherently cross-site, and operations on storage would need to span across all storage bottle maps.
9. Vendor-Specific Values
Max source expiry is a positive duration that controls the maximum value that can be used as an expiry . It must be greater than or equal to 30 days.
Max entries per filter data is a positive integer that controls the maximum size of an attribution source 's filter data .
Max values per filter data entry is a positive integer that controls the maximum size of each value of an attribution source 's filter data .
Max aggregation keys per attribution is a positive integer that controls the maximum size of an attribution source 's aggregation keys , the maximum size of an aggregatable trigger data 's source keys , and the maximum size of an attribution trigger 's aggregatable values .
Max pending sources per source origin is a positive integer that controls how many attribution sources can be in the attribution source cache per source origin .
Navigation-source
trigger
data
cardinality
is
a
positive
integer
that
controls
the
valid
range
of
trigger
data
for
triggers
that
are
attributed
to
an
attribution
source
whose
source
type
is
"
navigation
":
0
<=
trigger
data
<
navigation-source
trigger
data
cardinality
.
Event-source
trigger
data
cardinality
is
a
positive
integer
that
controls
the
valid
range
of
trigger
data
for
triggers
that
are
attributed
to
an
attribution
source
whose
source
type
is
"
event
":
0
<=
trigger
data
<
event-source
trigger
data
cardinality
.
Randomized response epsilon is a non-negative double that controls the randomized response probability of an attribution source .
Randomized
null
report
rate
excluding
source
registration
time
is
a
double
between
0
and
1
(both
inclusive)
that
controls
the
randomized
number
of
null
reports
generated
for
an
attribution
trigger
whose
[attribution
trigger/aggregatable
source
registration
time
configuration]
is
"
exclude
".
Randomized
null
report
rate
including
source
registration
time
is
a
double
between
0
and
1
(both
inclusive)
that
controls
the
randomized
number
of
null
reports
generated
for
an
attribution
trigger
whose
[attribution
trigger/aggregatable
source
registration
time
configuration]
is
"
include
".
Max event-level reports per attribution destination is a positive integer that controls how many event-level reports can be in the event-level report cache per site in attribution destinations .
Max aggregatable reports per attribution destination is a positive integer that controls how many aggregatable reports can be in the aggregatable report cache per effective attribution destination .
Max
attributions
per
navigation
source
is
a
positive
integer
that
controls
how
many
times
a
single
attribution
source
whose
source
type
is
"
navigation
"
can
create
an
event-level
report
.
Max
attributions
per
event
source
is
a
positive
integer
that
controls
how
many
times
a
single
attribution
source
whose
source
type
is
"
event
"
can
create
an
event-level
report
.
Max aggregatable reports per source is a positive integer that controls how many aggregatable reports can be created by attribution triggers attributed to a single attribution source .
Max destinations covered by unexpired sources is a positive integer that controls the maximum number of distinct sites across all attribution destinations for unexpired attribution sources with a given ( source site , reporting origin site ).
Attribution rate-limit window is a positive duration that controls the rate-limiting window for attribution.
Max source reporting origins per rate-limit window is a positive integer that controls the maximum number of distinct reporting origins for a ( source site , attribution destination ) that can create attribution sources per attribution rate-limit window .
Max source reporting origins per source reporting site is a positive integer that controls the maximum number of distinct reporting origins for a ( source site , reporting origin site ) that can create attribution sources per origin rate-limit window .
Origin rate-limit window is a positive duration that controls the rate-limiting window for max source reporting origins per source reporting site .
Max attribution reporting origins per rate-limit window is a positive integer that controls the maximum number of distinct reporting origins for a ( source site , attribution destination ) that can create event-level reports per attribution rate-limit window .
Max attributions per rate-limit window is a positive integer that controls the maximum number of attributions for a ( source site , attribution destination , reporting origin site ) per attribution rate-limit window .
Allowed aggregatable budget per source is a positive integer that controls the total required aggregatable budget of all aggregatable reports created for an attribution source .
Min aggregatable report delay is a non-negative duration that controls the minimum delay to deliver an aggregatable report .
Randomized aggregatable report delay is a positive duration that controls the random delay to deliver an aggregatable report .
Default aggregation coordinator is the aggregation coordinator that controls how to obtain the public key for encrypting an aggregatable report by default.
10. General Algorithms
10.1. Serialize an integer
To serialize an integer , represent it as a string of the shortest possible decimal number.
This would ideally be replaced by a more descriptive algorithm in Infra. See infra/201
10.2. Serialize attribution destinations
To serialize attribution destinations destinations , run the following steps:
-
Let destinationStrings be a list .
-
For each destination in destinations :
-
Assert : destination is not the opaque origin .
-
Append destination serialized to destinationStrings .
-
-
If destinationStrings ’s size is equal to 1, return destinationStrings [0].
-
Return destinationStrings .
To check if a scheme is suitable given a string scheme :
-
If scheme is "
http
" or "https
", return true. -
Return false.
To check if an origin is suitable given an origin origin :
-
If origin is not a potentially trustworthy origin , return false.
-
Return true.
10.3. Parsing filter data
To parse filter values given a value :
-
If value is not a map , return null.
-
Let result be a new filter map .
-
For each filter → data of value :
-
Return result .
To parse filter data given a value :
-
Let map be the result of running parse filter values with value .
-
If map is null, return null.
-
If map ’s size is greater than the user agent’s max entries per filter data , return null.
-
For each filter → set of map :
-
If set ’s size is greater than the user agent’s max values per filter data entry , return null.
-
-
Return map .
Determine whether to limit length or code point length for filter and d above.
10.4. Parsing filters
To parse filters given a value :
-
Let filtersList be a new list .
-
If value is a map , then:
-
Let filterMap be the result of running parse filter values with value .
-
If filterMap is null, return null.
-
Append filterMap to filtersList .
-
Return filtersList .
-
-
If value is not a list , return null.
-
For each data of value :
-
Let filterMap be the result of running parse filter values with data .
-
If filterMap is null, return null.
-
Append filterMap to filtersList .
-
-
Return filtersList .
10.5. Cookie-based debugging
To check if cookie-based debugging is allowed given a suitable origin reportingOrigin :
-
Let domain be the canonicalized domain name of reportingOrigin ’s host .
-
For each cookie of the user agent’s cookie store :
-
If cookie ’s name is not "
ar_debug
", continue . -
If cookie ’s http-only-flag is false, continue .
-
If cookie ’s secure-flag is false, continue .
-
If cookie ’s same-site-flag is not "
None
", continue . -
If cookie ’s host-only-flag is true and domain is not identical to cookie ’s domain, continue .
-
If cookie ’s host-only-flag is false and domain does not domain-match cookie ’s domain, continue .
-
If "
/
" does not path-match cookie ’s path, continue . -
Return allowed .
-
-
Return blocked .
Ideally
this
would
use
the
cookie-retrieval
algorithm
,
but
it
cannot:
There
is
no
way
to
consider
only
cookies
whose
http-only-flag
is
true
and
whose
same-site-flag
is
"
None
";
there
is
no
way
to
prevent
the
last-access-time
from
being
modified;
and
the
return
value
is
a
string
that
would
have
to
be
further
processed
to
check
for
the
"
ar_debug
"
cookie.
10.6. Obtaining a randomized response
To obtain a randomized response given trueValue , a set possibleValues , and a double randomPickRate :
-
Assert : randomPickRate is between 0 and 1 (both inclusive).
-
Let r be a random double between 0 (inclusive) and 1 (exclusive) with uniform probability.
-
If r is less than randomPickRate , return a random item from possibleValues with uniform probability.
-
Otherwise, return trueValue .
10.7. Parsing aggregation key piece
To parse an aggregation key piece given a string input , perform the following steps. This algorithm will return either a non-negative 128-bit integer or an error.
-
If input ’s code point length is not between 3 and 34 (both inclusive), return an error.
-
If the first character is not a U+0030 DIGIT ZERO (0), return an error.
-
If the second character is not a U+0058 LATIN CAPITAL LETTER X character (X) and not a U+0078 LATIN SMALL LETTER X character (x), return an error.
-
Let value be the code point substring from 2 to the end of input .
-
If the characters within value are not all ASCII hex digits , return an error.
-
Interpret value as a hexadecimal number and return as a non-negative 128-bit integer.
10.8. Can attribution rate-limit record be removed
Given an attribution rate-limit record record and a moment now :
-
If record ’s time is after now , return false.
-
If record ’s scope is "
attribution
", return true. -
If record ’s expiry time is after now , return false.
-
Return true.
10.9. Obtaining and delivering an attribution debug report
To obtain and deliver a debug report given a list of attribution debug data data and a suitable origin reportingOrigin :
-
Let debugReport be an attribution debug report with the items:
- data
-
data
- reporting origin
-
reportingOrigin
-
Queue a task to attempt to deliver a verbose debug report with debugReport .
10.10. Making a background attributionsrc request
An eligibility is one of the following:
-
"
unset
" -
Depending on context, a trigger may or may not be registered.
-
"
empty
" -
"
event-source
" -
"
navigation-source
" -
A navigation source may be registered.
-
"
trigger
" -
A trigger may be registered.
-
"
event-source-or-trigger
"
A registrar is one of the following:
-
"
web
" -
The user agent supports web registrations.
-
"
os
" -
The user agent supports OS registrations.
To validate a background attributionsrc eligibility given an eligibility eligibility :
-
Assert : eligibility is "
navigation-source
" or "event-source-or-trigger
".
To
make
a
background
attributionsrc
request
given
a
URL
url
,
a
suitable
origin
contextOrigin
,
an
eligibility
eligibility
,
and
a
Document
document
:
-
Validate eligibility .
-
Let context be document ’s relevant settings object .
-
If context is not a secure context , return.
-
If the "
attribution-reporting
" feature is not enabled in document with document ’s origin , return. -
Let supportedRegistrars be the result of getting supported registrars .
-
If supportedRegistrars is empty , return.
-
Let request be a new request with the following properties:
- method
-
"
GET
" - URL
-
url
- keepalive
-
true
- Attribution Reporting eligibility
-
eligibility
-
Fetch request with processResponse being process an attributionsrc response with contextOrigin , eligibility , and context .
Audit other properties on request and set them properly.
Support header-processing on redirects.
Check
for
transient
activation
with
"
navigation-source
".
To process an attributionsrc response given a suitable origin contextOrigin , an eligibility eligibility , an environment settings objects context , and a response response :
-
Validate eligibility .
-
If reportingOrigin is not suitable , return.
-
Let sourceHeader be the result of getting "
Attribution-Reporting-Register-Source
" from response ’s header list . -
Let triggerHeader be the result of getting "
Attribution-Reporting-Register-Trigger
" from response ’s header list . -
Let osSourceURLs be the result of getting OS-registration URLs from response ’s header list with "
Attribution-Reporting-Register-OS-Source
". -
Let osTriggerURLs be the result of getting OS-registration URLs from response ’s header list with "
Attribution-Reporting-Register-OS-Trigger
". -
If eligibility is:
-
"
navigation-source
" -
Run the following steps:
-
If sourceHeader and osSourceURLs are both null or both not null, return.
-
If sourceHeader is not null:
-
Let source be the result of running parse source-registration JSON with sourceHeader , contextOrigin , reportingOrigin , "
navigation
", and context ’s current wall time . -
If source is not null, process source .
-
-
If osSourceURLs is not null and the user agent supports OS registrations, process osSourceURLs according to an implementation-defined algorithm.
-
-
"
event-source-or-trigger
" -
Run the following steps:
-
If the number of non-null entries in « sourceHeader , triggerHeader , osSourceURLs , osTriggerURLs » is not 1, return.
-
If sourceHeader is not null:
-
Let source be the result of running parse source-registration JSON with sourceHeader , contextOrigin , reportingOrigin , "
event
", and context ’s current wall time . -
If source is not null, process source .
-
-
If triggerHeader is not null:
-
Let destinationSite be the result of obtaining a site from contextOrigin .
-
Let trigger be the result of running create an attribution trigger with triggerHeader destinationSite , reportingOrigin , privateStateTokens , and context ’s current wall time .
-
If trigger is not null, trigger attribution with trigger .
-
-
If osSourceURLs is not null and the user agent supports OS registrations, process osSourceURLs according to an implementation-defined algorithm.
-
If osTriggerURLs is not null and the user agent supports OS registrations, process osTriggerURLs according to an implementation-defined algorithm.
-
-
"
Set privateStateTokens properly.
11. Source Algorithms
11.1. Obtaining a randomized source response
To obtain a set of possible trigger states given a randomized response output configuration config :
-
For each integer triggerData between 0 (inclusive) and config ’s trigger data cardinality (exclusive):
-
For each integer reportWindow between 0 (inclusive) and config ’s num report windows (exclusive):
-
Let state be a new trigger state with the items:
- trigger data
-
triggerData
- report window
-
reportWindow
-
Append state to possibleTriggerStates .
-
-
-
For each integer attributions between 0 (inclusive) and |config’s| max attributions per source (inclusive):
-
Append to possibleValues all distinct attributions -length combinations of possibleTriggerStates .
-
To obtain a randomized source response pick rate given a randomized response output configuration config and a double epsilon :
-
Let possibleValues be the result of obtaining a set of possible trigger states with config .
-
Let numPossibleValues be the size of possibleValues .
-
Return numPossibleValues / ( numPossibleValues - 1 + e epsilon ).
To obtain a randomized source response given a randomized response output configuration config and a double epsilon :
-
Let possibleValues be the result of obtaining a set of possible trigger states with config .
-
Let pickRate be the result of obtaining a randomized source response pick rate with config and epsilon .
-
Return the result of obtaining a randomized response with null, possibleValues , and pickRate .
11.2. Parsing source-registration JSON
To parse an attribution destination from a string str :
-
Let url be the result of running the URL parser on the value of the str .
-
If url is failure or null, return null.
-
Return the result of obtaining a site from url ’s origin .
To parse attribution destinations from a value val :
-
Let result be an ordered set .
-
If val is a string , append the result of parse an attribution destination to result , and return result .
-
If val is not a list , return null.
-
For each value of val :
-
If value is not a string , return null.
-
Let destination be the result of parse an attribution destination with value .
-
If destination is null, return null.
-
Append destination to result .
-
-
If result ’s size is greater than 3, return null.
-
If result is empty , return null.
-
return result .
Confirm that the maximum destinations size is workable.
To obtain a source expiry given a value :
-
If value is not a string , return null.
-
Let expirySeconds be the result of applying the rules for parsing integers to value .
-
If expirySeconds is an error, return null.
-
Let expiry be expirySeconds seconds.
-
If expiry is less than 1 day, set expiry to 1 day.
-
If expiry is greater than the user agent’s max source expiry , set expiry to that value.
-
Return expiry .
To parse aggregation keys given an ordered map map :
-
Let aggregationKeys be a new ordered map .
-
If map ["
aggregation_keys
"] does not exist , return aggregationKeys . -
Let values be map ["
aggregation_keys
"]. -
If values is not an ordered map , return null.
-
If values ’s size is greater than the user agent’s max aggregation keys per attribution , return null.
-
For each key → value of values :
-
If value is not a string , return null.
-
Let keyPiece be the result of running parse an aggregation key piece with value .
-
If keyPiece is an error, return null.
-
Set aggregationKeys [ key ] to keyPiece .
-
-
Return aggregationKeys .
Determine whether to limit length or code point length for key above.
To parse source-registration JSON given a byte sequence json , a suitable origin sourceOrigin , a suitable origin reportingOrigin , a source type sourceType , and a moment sourceTime :
-
Let value be the result of running parse JSON bytes to an Infra value with json .
-
If value is not an ordered map , return null.
-
Let sourceEventId be 0.
-
If value ["
source_event_id
"] exists and is a string :-
Set sourceEventId to the result of applying the rules for parsing non-negative integers to value ["
source_event_id
"]. -
If sourceEventId is an error, set sourceEventId to 0.
-
-
If value ["
destination
"] does not exist , return null. -
Let attributionDestinations be the result of running parse attribution destinations with value ["
destination
"]. -
If attributionDestinations is null, return null.
-
Let expiry be the result of running obtain a source expiry on value ["
expiry
"]. -
If expiry is null, set expiry to 30 days.
-
Let eventReportWindow be the result of running obtain a source expiry on value ["
event_report_window
"]. -
Let aggregatableReportWindow be the result of running obtain a source expiry on value ["
aggregatable_report_window
"]. -
Let priority be 0.
-
If value ["
priority
"] exists and is a string :-
Set priority to the result of applying the rules for parsing integers to value ["
priority
"]. -
If priority is an error, set priority to 0.
-
-
Let filterData be a new filter map .
-
If value ["
filter_data
"] exists :-
Set filterData to the result of running parse filter data with value ["
filter_data
"]. -
If filterData is null, return null.
-
If filterData ["
source_type
"] exists , return null.
-
-
Set filterData ["
source_type
"] to « sourceType ». -
Let debugKey be null.
-
If value ["
debug_key
"] exists and is a string :-
Set debugKey to the result of applying the rules for parsing non-negative integers to value ["
debug_key
"]. -
If debugKey is an error, set debugKey to null.
-
If the result of running check if cookie-based debugging is allowed with reportingOrigin is blocked , set debugKey to null.
-
-
Let aggregationKeys be the result of running parse aggregation keys with value .
-
If aggregationKeys is null, return null.
-
Let triggerDataCardinality be the user agent’s navigation-source trigger data cardinality .
-
Let maxAttributionsPerSource be the user agent’s max attributions per navigation source .
-
If sourceType is "
event
":-
Round expiry away from zero to the nearest day (86400 seconds).
-
Set triggerDataCardinality to the user agent’s event-source trigger data cardinality .
-
Set maxAttributionsPerSource to the user agent’s max attributions per event source .
-
-
If eventReportWindow is null or greater than expiry , set eventReportWindow to expiry .
-
If aggregatableReportWindow is null or greater than expiry , set aggregatableReportWindow to expiry .
-
Let debugReportingEnabled be false.
-
If value ["
debug_reporting
"] exists and is a boolean , set debugReportingEnabled to value ["debug_reporting
"]. -
Let randomizedResponseConfig be a new randomized response output configuration whose items are:
- max attributions per source
-
maxAttributionsPerSource
- num report windows
-
The result of obtaining the number of report windows with sourceType and eventReportWindow
- trigger data cardinality
-
triggerDataCardinality
-
Let epsilon be the user agent’s randomized response epsilon .
-
Let source be a new attribution source struct whose items are:
- source identifier
-
A new unique string
- source origin
-
sourceOrigin
- event ID
-
sourceEventId
- attribution destinations
-
attributionDestinations
- reporting origin
-
reportingOrigin
- expiry
-
expiry
- event report window
-
eventReportWindow
- aggregatable report window
-
aggregatableReportWindow
- priority
-
priority
- source time
-
sourceTime
- source type
-
sourceType
- randomized response
-
The result of obtaining a randomized source response with randomizedResponseConfig and epsilon .
- randomized trigger rate
-
The result of obtaining a randomized source response pick rate with randomizedResponseConfig and epsilon .
- filter data
-
filterData
- debug key
-
debugKey
- aggregation keys
-
aggregationKeys
- aggregatable budget consumed
-
0
- debug reporting enabled
-
debugReportingEnabled
-
Return source .
Determine proper charset-handling for the JSON header value.
11.3. Processing an attribution source
To check if an attribution source exceeds the unexpired destination limit given an attribution source source , run the following steps:
-
Let unexpiredSources be all attribution rate-limit records record in the attribution rate-limit cache where all of the following are true:
-
record ’s source site and source ’s source site are equal
-
record ’s reporting origin and source ’s reporting origin are same site
-
record ’s expiry time is greater than source ’s source time
-
For each attribution rate-limit record unexpiredRecord of unexpiredSources :
-
Append unexpiredRecord ’s attribution destination to unexpiredDestinations .
-
-
Let newDestinations be the result of taking the union of unexpiredDestinations and source ’s attribution destinations .
-
Return whether newDestinations ’s size is greater than the user agent’s max destinations covered by unexpired sources .
To obtain a fake report given an attribution source source and a trigger state triggerState :
-
Let fakeConfig be a new event-level trigger configuration with the items:
- trigger data
-
triggerState ’s trigger data
- dedup key
-
null
- priority
-
0
- filters
-
«[ "
source_type
" → « source ’s source type » ]»
-
Let fakeTrigger be a new attribution trigger with the items:
- attribution destinations
-
source ’s attribution destinations
- trigger time
-
source ’s source time
- reporting origin
-
source ’s reporting origin
- filters
-
«[]»
- debug key
-
null
- event-level trigger configurations
-
« fakeConfig »
- aggregatable trigger data
-
«»
- aggregatable values
-
«[]»
- aggregatable dedup key
-
«»
- debug reporting enabled
-
false
- aggregation coordinator
- serialized private state tokens
-
«»
- aggregatable source registration time configuration
-
"
exclude
"
-
Let fakeReport be the result of running obtain an event-level report with source , fakeTrigger , and fakeConfig .
-
Set fakeReport ’s report time to the result of running obtain the report time at a window with source and triggerState ’s report window .
-
Return fakeReport .
To check if debug reporting is allowed given a source debug data type dataType and a suitable origin reportingOrigin :
-
If dataType is:
-
"
source-destination-limit
" -
Return allowed .
-
"
source-noised
" -
"
source-storage-limit
" -
"
source-success
" -
"
source-unknown-error
" -
Return the result of running check if cookie-based debugging is allowed with reportingOrigin .
-
"
To obtain and deliver a debug report on source registration given a source debug data type dataType and an attribution source source :
-
If source ’s debug reporting enabled is false, return.
-
If the result of running check if debug reporting is allowed with dataType and source ’s reporting origin is blocked , return.
-
Let body be a new map with the following key/value pairs:
-
"
attribution_destination
" -
source ’s attribution destinations , serialized .
-
"
source_event_id
" -
source ’s event ID , serialized .
-
"
source_site
" -
source ’s source site , serialized .
-
"
-
If source ’s debug key is not null, set body ["
source_debug_key
"] to source ’s debug key , serialized . -
If dataType is:
-
"
source-destination-limit
" -
Set body ["
limit
"] to the user agent’s max destinations covered by unexpired sources , serialized . -
"
source-storage-limit
" -
Set body ["
limit
"] to the user agent’s max pending sources per source origin , serialized .
-
"
-
Let data be a new attribution debug data with the items:
-
Run obtain and deliver a debug report with « data » and source ’s reporting origin .
To process an attribution source given an attribution source source :
-
Let cache be the user agent’s attribution source cache .
-
Remove all attribution sources entry in cache where entry ’s expiry time is less than source ’s source time .
-
Let pendingSourcesForSourceOrigin be the set of all attribution sources pendingSource of cache where pendingSource ’s source origin and source ’s source origin are same origin .
-
If pendingSourcesForSourceOrigin ’s size is greater than or equal to the user agent’s max pending sources per source origin :
-
Run obtain and deliver a debug report on source registration with "
source-storage-limit
" and source . -
Return.
-
-
If the result of running check if an attribution source exceeds the unexpired destination limit with source is true:
-
Run obtain and deliver a debug report on source registration with " source-destination-limit " and source .
-
Return.
-
-
For each destination in source ’s attribution destinations :
-
Let rateLimitRecord be a new attribution rate-limit record with the items:
- scope
-
"
source
" - source site
-
source ’s source site
- attribution destination
-
destination
- reporting origin
-
source ’s reporting origin
- time
-
source ’s source time
- expiry time
-
source ’s expiry time
-
If the result of running should processing be blocked by reporting-origin limit with rateLimitRecord is blocked :
-
Run obtain and deliver a debug report on source registration with " source-success " and source .
-
Return.
-
-
Append rateLimitRecord to the attribution rate-limit cache .
-
-
Remove all attribution rate-limit records entry from the attribution rate-limit cache if the result of running can attribution rate-limit record be removed with entry and source ’s source time is true.
-
Let debugDataType be "
source-success
". -
If source ’s randomized response is not null and is a set :
-
For each trigger state triggerState of source ’s randomized response :
-
Let fakeReport be the result of running obtain a fake report with source and triggerState .
-
Append fakeReport to the event-level report cache .
-
-
If source ’s randomized response is not empty , then set source ’s event-level attributable value to false.
-
For each destination in source 's attribution destinations :
-
Let rateLimitRecord be a new attribution rate-limit record with the items:
- scope
-
"
attribution
" - source site
-
source ’s source site
- attribution destination
-
destination
- reporting origin
-
source ’s reporting origin
- time
-
source ’s source time
- expiry time
-
null
-
Append rateLimitRecord to the attribution rate-limit cache .
-
-
Set debugDataType to "
source-noised
".
-
-
Run obtain and deliver a debug report on source registration with debugDataType and source .
-
Append source to cache .
Note: Because a fake report does not have a "real" effective destination, we need to subtract from the privacy budget of all possible destinations.
Should fake reports respect the user agent’s max event-level reports per attribution destination ?
12. Triggering Algorithms
12.1. Creating an attribution trigger
To parse event triggers given an ordered map map :
-
Let eventTriggers be a new set .
-
If map ["
event_trigger_data
"] does not exist , return eventTriggers . -
Let values be map ["
event_trigger_data
"]. -
If values is not a list , return null.
-
For each value of values :
-
If value is not an ordered map , return null.
-
Let triggerData be 0.
-
If value ["
trigger_data
"] exists and is a string :-
Set triggerData to the result of applying the rules for parsing non-negative integers to value ["
trigger_data
"]. -
If triggerData is an error, set triggerData to 0.
-
-
Let dedupKey be null.
-
If value ["
deduplication_key
"] exists and is a string :-
Set dedupKey to the result of applying the rules for parsing non-negative integers to value ["
deduplication_key
"]. -
If dedupKey is an error, set dedupKey to null.
-
-
Let priority be 0.
-
If value ["
priority
"] exists and is a string :-
Set priority to the result of applying the rules for parsing integers to value ["
priority
"]. -
If priority is an error, set priority to 0.
-
-
Let filters be a list of filter maps , initially empty.
-
If value ["
filters
"] exists :-
Set filters to the result of running parse filters with value ["
filters
"]. -
If filters is null, return null.
-
-
Let negatedFilters be a list of filter maps , initially empty.
-
If value ["
not_filters
"] exists :-
Set negatedFilters to the result of running parse filters with value ["
not_filters
"]. -
If negatedFilters is null, return null.
-
-
Let eventTrigger be a new event-level trigger configuration with the items:
- trigger data
-
triggerData
- dedup key
-
dedupKey
- priority
-
priority
- filters
-
filters
- negated filters
-
negatedFilters
-
Append eventTrigger to eventTriggers .
-
-
Return eventTriggers .
To parse aggregatable trigger data given an ordered map map :
-
Let aggregatableTriggerData be a new list .
-
If map ["
aggregatable_trigger_data
"] does not exist , return aggregatableTriggerData . -
Let values be map ["
aggregatable_trigger_data
"]. -
If values is not a list , return null.
-
For each value of values :
-
If value is not an ordered map , return null.
-
If value ["
key_piece
"] does not exist or is not a string , return null. -
Let keyPiece be the result of running parse an aggregation key piece with value ["
key_piece
"]. -
If keyPiece is an error, return null.
-
Let sourceKeys be a new ordered set .
-
If value ["
source_keys
"] exists : -
Let filters be a list of filter maps , initially empty.
-
If value ["
filters
"] exists :-
Set filters to the result of running parse filters with value ["
filters
"]. -
If filters is null, return null.
-
-
Let negatedFilters be a list of filter maps , initially empty.
-
If value ["
not_filters
"] exists :-
Set negatedFilters to the result of running parse filters with value ["
not_filters
"]. -
If negatedFilters is null, return null.
-
-
Let aggregatableTrigger be a new aggregatable trigger data with the items:
- key piece
-
keyPiece
- source keys
-
sourceKeys
- filters
-
filters
- negated filters
-
negatedFilters
-
Append aggregatableTrigger to aggregatableTriggerData .
-
-
Return aggregatableTriggerData .
Determine whether to limit length or code point length for sourceKey above.
To parse aggregatable values given an ordered map map :
-
If map ["
aggregatable_values
"] does not exist , return «[]». -
Let values be map ["
aggregatable_values
"]. -
If values is not an ordered map , return null.
-
If values ’s size is greater than the user agent’s max aggregation keys per attribution , return null.
-
For each key → value of values :
-
If value is not an integer, return null.
-
If value is less than or equal to 0, return null.
-
If value is greater than allowed aggregatable budget per source , return null.
-
-
Return values .
Determine whether to limit length or code point length for key above.
To parse aggregatable dedup keys given an ordered map map :
-
Let aggregatableDedupKeys be a new list .
-
If map ["
aggregatable_deduplication_keys
"] does not exist , return aggregatableDedupKeys . -
Let values be map ["
aggregatable_deduplication_keys
"]. -
If values is not a list , return null.
-
For each value of values :
-
If value is not an ordered map , return null.
-
Let dedupKey be null.
-
If value ["
deduplication_key
"] exists and is a string :-
Set dedupKey to the result of applying the rules for parsing non-negative integers to value ["
deduplication_key
"]. -
If dedupKey is an error, set dedupKey to null.
-
-
Let filters be a new filter map .
-
If values ["
filters
"] exists :-
Set filters to the result of running parse filter data with value ["
filters
"]. -
If filters is null, return null.
-
-
Let negatedFilters be a new filter map .
-
If values ["
not_filters
"] exists :-
Set negatedFilters to the result of running parse filter data with value ["
not_filters
"]. -
If negatedFilters is null, return null.
-
-
Let aggregatableDedupKey be a new aggregatable dedup key with the items:
- dedup key
-
dedupKey
- filters
-
filters
- negated filters
-
negatedFilters
-
Append aggregatableDedupKey to aggregatableDedupKeys .
-
-
Return aggregatableDedupKeys .
To serialize a private state token given a string encodedBlindedPrivateStateToken :
-
If encodedBlindedPrivateStateToken is null, return null.
-
Let decoded be the result of forgiving-base64 decoding encodedBlindedPrivateStateToken .
-
If decoded is failure, return null.
-
Let tokens be the result of finishing issuance of decoded .
properly define the "finishing issuance" operation.
-
If tokens is null, or has size not equal to 1, return null.
-
Let token be tokens [0].
-
Let redeemedBytes be the result of "beginning redemption" with token , the empty byte sequence (data), and 0 (the null timestamp).
properly define "begin redemption" operation. Consider running the algorithm at report sending time.
-
Return the result of forgiving-base64 encoding redeemedBytes .
To create an attribution trigger given a byte sequence json , a site destination , a suitable origin reportingOrigin , a list of strings privateStateTokens , and a moment triggerTime :
-
Let value be the result of running parse JSON bytes to an Infra value with json .
-
If value is not an ordered map , return null.
-
Let eventTriggers be the result of running parse event triggers with value .
-
If eventTriggers is null, return null.
-
Let aggregatableTriggerData be the result of running parse aggregatable trigger data with value .
-
If aggregatableTriggerData is null, return null.
-
Let aggregatableValues be the result of running parse aggregatable values with value .
-
If aggregatableValues is null, return null.
-
Let aggregatableDedupKeys be the result of running parse aggregatable dedup keys with value .
-
If aggregatableDedupKeys is null, return null.
-
Let debugKey be null.
-
If value ["
debug_key
"] exists and is a string :-
Set debugKey to the result of applying the rules for parsing non-negative integers to value ["
debug_key
"]. -
If debugKey is an error, set debugKey to null.
-
If the result of running check if cookie-based debugging is allowed with reportingOrigin is blocked , set debugKey to null.
-
-
Let filters be a list of filter maps , initially empty.
-
If value ["
filters
"] exists:-
Set filters to the result of running parse filters with value ["
filters
"]. -
If filters is null, return null.
-
-
Let negatedFilters be a list of filter maps , initially empty.
-
If value ["
not_filters
"] exists:-
Set negatedFilters to the result of running parse filters with value ["
not_filters
"]. -
If negatedFilters is null, return null.
-
-
Let debugReportingEnabled be false.
-
If value ["
debug_reporting
"] exists and is a boolean , set debugReportingEnabled to value["debug_reporting
"]. -
Let aggregationCoordinator be default aggregation coordinator .
-
If value ["
aggregation_coordinator_identifier
"] exists :-
If value ["
aggregation_coordinator_identifier
"] is not a string , return null. -
If value ["
aggregation_coordinator_identifier
"] is not an aggregation coordinator , return null. -
Set aggregationCoordinator to value ["
aggregation_coordinator_identifier
"].
-
-
Let aggregatableSourceRegTimeConfig be "
exclude
". -
If value ["
aggregatable_source_registration_time
"] exists :-
If value ["
aggregatable_source_registration_time
"] is not a string , return null. -
If value ["
aggregatable_source_registration_time
"] is not an aggregatable source registration time configuration , return null. -
Set aggregatableSourceRegTimeConfig to value ["
aggregatable_source_registration_time
"].
-
-
For each privateStateToken of privateStateTokens :
-
Let serializedPrivateStateToken be the result of serializing a private state token with privateStateToken .
-
Append serializedPrivateStateToken to serializedPrivateStateTokens .
-
-
Let trigger be a new attribution trigger with the items:
- attribution destination
-
destination
- trigger time
-
triggerTime
- reporting origin
-
reportingOrigin
- filters
-
filters
- negated filters
-
negatedFilters
- debug key
-
debugKey
- event-level trigger configurations
-
eventTriggers
- aggregatable trigger data
-
aggregatableTriggerData
- aggregatable values
-
aggregatableValues
- aggregatable dedup keys
-
aggregatableDedupKeys
- serialized private state tokens
-
serializedPrivateStateTokens
- debug reporting enabled
-
debugReportingEnabled
- aggregation coordinator
-
aggregationCoordinator
- aggregatable source registration time configuration
-
aggregatableSourceRegTimeConfig
-
Return trigger .
Determine proper charset-handling for the JSON header value.
12.2. Does filter data match
To match filter values given a filter value a and a filter value b :
-
If b is empty , then:
-
If a is empty , then return true.
-
Otherwise, return false.
-
-
Let i be the intersection of a and b .
-
If i is empty , then return false.
-
Return true.
To match filter values with negation given a filter value a and a filter value b :
-
If b is empty , then:
-
If a is not empty , then return true.
-
Otherwise, return false.
-
-
Let i be the intersection of a and b .
-
If i is not empty , then return false.
-
Return true.
To match an attribution source’s filter data against a filter map given an attribution source source , a filter map filter , and a boolean isNegated :
-
Let sourceData be source ’s filter data .
-
For each key → filterValues of filter :
-
Let sourceValues be sourceData [ key ].
-
If isNegated is:
- false
- If the result of running match filter values with sourceValues and filterValues is false, return false.
- true
- If the result of running match filter values with negation with sourceValues and filterValues is false, return false.
-
Return true.
To match an attribution source’s filter data against filters given an attribution source source , a list of filter maps filters , and a boolean isNegated :
-
If filters is empty , return true.
-
For each filter of filters :
-
If the result of running match an attribution source’s filter data against a filter map with source , filter and isNegated is true, return true.
-
-
Return false.
To match an attribution source’s filter data against filters and negated filters given an attribution source source , a list of filter maps filters , and a list of filter maps notFilters :
-
If the result of running match an attribution source’s filter data against filters with source , filters , and isNegated set to false is false, return false.
-
If the result of running match an attribution source’s filter data against filters with source , notFilters , and isNegated set to true is false, return false.
-
Return true.
12.3. Should attribution be blocked by attribution rate limit
Given an attribution trigger trigger and attribution source sourceToAttribute :
-
Let matchingRateLimitRecords be all attribution rate-limit records record of attribution rate-limit cache where all of the following are true:
-
record ’s scope is "
attribution
" -
record ’s source site and sourceToAttribute ’s source site are equal
-
record ’s attribution destination and trigger ’s attribution destination are equal
-
record ’s reporting origin and trigger ’s reporting origin are same site
-
record ’s time is at least attribution rate-limit window before trigger ’s trigger time
-
-
If matchingRateLimitRecords ’s size is greater than or equal to max attributions per rate-limit window , return blocked .
-
Return allowed .
12.4. Should processing be blocked by reporting-origin limit
Given an attribution rate-limit record newRecord :
-
Let max be max source reporting origins per rate-limit window .
-
If newRecord ’s scope is "
attribution
", set max to max attribution reporting origins per rate-limit window . -
Let matchingRateLimitRecords be all attribution rate-limit records record in the attribution rate-limit cache where all of the following are true:
-
record ’s source site and newRecord ’s source site are equal
-
record ’s attribution destination and newRecord ’s attribution destination are equal
-
The duration from record ’s time
is at least attribution rate-limit window beforeand newRecord ’s time is <= attribution rate-limit window
-
Let distinctReportingOrigins be
a new emptytheorderedset.of all reporting origin in matchingRateLimitRecords , unioned with « newRecord ’s reporting origin » -
If distinctReportingOrigins ’s size is greater than max , return blocked .
For
each
NOTE:
source
scopes
have
an
auxiliary
max
source
reporting
origins
per
source
reporting
site
rate
limit
that
also
must
be
enforced.
If newRecord ’s scope is "
attribution
", return allowedLet matchingRateLimitRecords be all attribution rate-limit records record in the attribution rate-limit cache where all of the following are true:
matchingRateLimitRecords , appendrecord ’s scope is "source
"record ’s
reporting originsource sitetoanddistinctReportingOrigins .newRecord ’s source site are equal-
IfThe duration from record ’s time and newRecord ’s time is <= origin rate-limit window
Let distinctReportingOrigins
containsbe the set of all reporting origin in matchingRateLimitRecords , unioned with « newRecord ’s reporting origin, return allowed .»-
If distinctReportingOrigins ’s size is greater than
or equal tomax,source reporting origins per source reporting site , return blocked . -
Return allowed .
12.5. Should attribution be blocked by rate limits
Given an attribution trigger trigger , an attribution source sourceToAttribute , and an attribution rate-limit record newRecord :
-
If the result of running should attribution be blocked by attribution rate limit with trigger and sourceToAttribute is blocked :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-attributions-per-source-destination-limit
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
If the result of running should processing be blocked by reporting-origin limit with newRecord is blocked :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-reporting-origin-limit
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Return null.
12.6. Creating aggregatable contributions
To create aggregatable contributions given an attribution source source and an attribution trigger trigger , run the following steps:
-
Let aggregationKeys be the result of cloning source ’s aggregation keys .
-
For each triggerData of trigger ’s aggregatable trigger data :
-
If the result of running match an attribution source’s filter data against filters and negated filters with source , triggerData ’s filters , and triggerData ’s negated filters is false, continue .
-
For each sourceKey of triggerData ’s source keys :
-
-
Let aggregatableValues be trigger ’s aggregatable values .
-
Let contributions be a new empty list .
-
For each id → key of aggregationKeys :
-
Return contributions .
12.7. Can source create aggregatable contributions
To check if an attribution source can create aggregatable contributions given an aggregatable report report and an attribution source sourceToAttribute , run the following steps:
-
Let remainingAggregatableBudget be allowed aggregatable budget per source minus sourceToAttribute ’s aggregatable budget consumed .
-
Assert : remainingAggregatableBudget is greater than or equal to 0.
-
If report ’s required aggregatable budget is greater than remainingAggregatableBudget , return false.
-
Return true.
12.8. Obtaining debug data on trigger registration
To obtain debug data body on trigger registration given a trigger debug data type dataType , an attribution trigger trigger , an optional attribution source sourceToAttribute , and an optional attribution report report :
-
If dataType is:
-
"
trigger-attributions-per-source-destination-limit
" -
Set body ["
limit
"] to the user agent’s max attributions per rate-limit window , serialized . -
"
trigger-reporting-origin-limit
" -
Set body ["
limit
"] to the user agent’s max attribution reporting origins per rate-limit window , serialized . -
"
trigger-event-storage-limit
" -
Set body ["
limit
"] to max event-level reports per attribution destination , serialized . -
"
trigger-aggregate-storage-limit
" -
Set body ["
limit
"] to max aggregatable reports per attribution destination , serialized . -
"
trigger-aggregate-insufficient-budget
" -
Set body ["
limit
"] to allowed aggregatable budget per source , serialized . -
"
trigger-aggregate-excessive-reports
" -
Set body ["
limit
"] to max aggregatable reports per source , -
"
trigger-event-low-priority
" -
"
trigger-event-excessive-reports
" -
-
Assert : report is not null and is an event-level report .
-
Return the result of running obtain an event-level report body with report .
-
-
"
-
Set body ["
attribution_destination
"] to trigger ’s attribution destination , serialized . -
If trigger ’s debug key is not null, set body ["
trigger_debug_key
"] to trigger ’s debug key , serialized . -
If sourceToAttribute is not null:
-
Set body ["
source_event_id
"] to source ’s event ID , serialized . -
Set body ["
source_site
"] to source ’s source site , serialized . -
If sourceToAttribute ’s debug key is not null, set body ["
source_debug_key
"] to sourceToAttribute ’s debug key , serialized .
-
-
Return body .
To obtain debug data on trigger registration given a trigger debug data type dataType , an attribution trigger trigger , an optional attribution source sourceToAttribute , and an optional attribution report report :
-
If trigger ’s debug reporting enabled is false, return null.
-
If the result of running check if cookie-based debugging is allowed with trigger ’s reporting origin is blocked , return null.
-
Let data be a new attribution debug data with the items:
- data type
-
dataType .
- body
-
The result of running obtain debug data body on trigger registration with dataType , trigger , sourceToAttribute and report .
-
Return data .
12.9. Triggering event-level attribution
To trigger event-level attribution given an attribution trigger trigger , an attribution source sourceToAttribute , and an attribution rate-limit record rateLimitRecord , run the following steps:
-
If trigger ’s event-level trigger configurations is empty , return the triggering result ("
dropped
", null). -
If sourceToAttribute ’s randomized response is not null and is not empty :
-
Assert : sourceToAttribute ’s event-level attributable is false.
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-noise
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
If sourceToAttribute ’s event report window time is less than trigger ’s trigger time :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-report-window-passed
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Let matchedConfig be null.
-
For each event-level trigger configuration config of trigger ’s event-level trigger configurations :
-
If the result of running match an attribution source’s filter data against filters and negated filters with sourceToAttribute , config ’s filters , and config ’s negated filters is true:
-
Set matchedConfig to config .
-
Break .
-
-
-
If matchedConfig is null:
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-no-matching-configurations
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
If matchedConfig ’s dedup key is not null and sourceToAttribute ’s dedup keys contains it:
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-deduplicated
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Let numMatchingReports be the number of entries in the event-level report cache whose attribution destinations contains trigger ’s attribution destination .
-
If numMatchingReports is greater than or equal to the user agent’s max event-level reports per attribution destination :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-storage-limit
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
If the result of running should attribution be blocked by rate limits with trigger , sourceToAttribute , and rateLimitRecord is not null, return it.
-
Let report be the result of running obtain an event-level report with sourceToAttribute , trigger , and matchedConfig .
-
If sourceToAttribute ’s event-level attributable value is false:
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-excessive-reports
", trigger , sourceToAttribute and report . -
Return the triggering result ("
dropped
", debugData ).
-
-
Let maxAttributionsPerSource be the user agent’s max attributions per navigation source .
-
If sourceToAttribute ’s source type is "
event
", set maxAttributionsPerSource to the user agent’s max attributions per event source . -
If sourceToAttribute ’s number of event-level reports value is equal to maxAttributionsPerSource , then:
-
Let matchingReports be all entries in the event-level report cache where all of the following are true:
-
entry’s report time and report ’s report time are equal.
-
entry’s source identifier is report ’s source identifier
-
-
If matchingReports is empty:
-
Set sourceToAttribute ’s event-level attributable value to false.
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-excessive-reports
", trigger , sourceToAttribute and report . -
Return the triggering result ("
dropped
", debugData ).
-
-
Set matchingReports to the result of sorting matchingReports in ascending order, with a being less than b if any of the following are true:
-
a ’s trigger priority is less than b ’s trigger priority .
-
a ’s trigger priority is equal to b ’s trigger priority and a ’s trigger time is greater than b ’s trigger time .
-
-
Let lowestPriorityReport be the first item in matchingReports .
-
If report ’s trigger priority is less than or equal to lowestPriorityReport ’s trigger priority :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-event-low-priority
", trigger , sourceToAttribute and report . -
Return the triggering result ("
dropped
", debugData ).
-
-
Remove lowestPriorityReport from the event-level report cache .
-
Decrement sourceToAttribute ’s number of event-level reports value by 1.
-
-
Let triggeringStatus be "
attributed
". -
Let debugData be null.
-
If sourceToAttribute ’s randomized response is:
- null
-
Append report to the event-level report cache .
- not null
-
-
Set triggeringStatus to "
noised
". -
Set debugData to the result of running obtain debug data on trigger registration with "
trigger-event-noise
", trigger , sourceToAttribute and report set to null.
-
-
Increment sourceToAttribute ’s number of event-level reports value by 1.
-
If matchedConfig ’s dedup key is not null, append it to sourceToAttribute ’s dedup keys .
-
If report ’s source debug key is not null and report ’s trigger debug key is not null, queue a task to attempt to deliver a debug report with report .
-
Return the triggering result ( triggeringStatus , debugData ).
12.10. Triggering aggregatable attribution
To trigger aggregatable attribution given an attribution trigger trigger , an attribution source sourceToAttribute , and an attribution rate-limit record rateLimitRecord , run the following steps:
-
If the result of running check if an attribution trigger contains aggregatable data is false, return the triggering result ("
dropped
", null). -
If sourceToAttribute ’s aggregatable report window time is less than trigger ’s trigger time :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-aggregate-report-window-passed
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Let matchedDedupKey be null.
-
For each aggregatable dedup key aggregatableDedupKey of trigger ’s aggregatable dedup keys :
-
If the result of running match an attribution source’s filter data against filters and negated filters with sourceToAttribute , aggregatableDedupKey ’s filters , and aggregatableDedupKey ’s negated filters is true:
-
-
If matchedDedupKey is not null and sourceToAttribute ’s aggregatable dedup keys contains it:
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-aggregate-deduplicated
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Let report be the result of running obtain an aggregatable report with sourceToAttribute and trigger .
-
If report ’s contributions is empty :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-aggregate-no-contributions
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Let numMatchingReports be the number of entries in the aggregatable report cache whose effective attribution destination equals trigger ’s attribution destination and is null report is false.
-
If numMatchingReports is greater than or equal to the user agent’s max aggregatable reports per attribution destination :
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-aggregate-storage-limit
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
If the result of running should attribution be blocked by rate limits with trigger , sourceToAttribute , and rateLimitRecord is not null, return it.
-
If sourceToAttribute ’s number of aggregatable reports value is equal to max aggregatable reports per source , then:
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-aggregate-excessive-reports
", trigger , sourceToAttribute , and report . -
Return the triggering result ("
dropped
", debugData ).
-
-
If the result of running check if an attribution source can create aggregatable contributions with report and sourceToAttribute is false:
-
Let debugData be the result of running obtain debug data on trigger registration with "
trigger-aggregate-insufficient-budget
", trigger , sourceToAttribute and report set to null. -
Return the triggering result ("
dropped
", debugData ).
-
-
Add report to the aggregatable report cache .
-
Increment sourceToAttribute ’s number of aggregatable reports value by 1.
-
Increment sourceToAttribute ’s aggregatable budget consumed value by report ’s required aggregatable budget .
-
If matchedDedupKey is not null, append it to sourceToAttribute ’s aggregatable dedup keys .
-
Run generate null reports and assign private state tokens with trigger and report .
-
If report ’s source debug key is not null and report ’s trigger debug key is not null, queue a task to attempt to deliver a debug report with report .
-
Return the triggering result ("
attributed
", null).
12.11. Triggering attribution
To obtain and deliver a debug report on trigger registration given a trigger debug data type dataType , an attribution trigger trigger and an optional attribution source sourceToAttribute :
-
Let debugData be the result of running obtain debug data on trigger registration with dataType , trigger , sourceToAttribute and report set to null.
-
If debugData is null, return.
-
Run obtain and deliver a debug report with « debugData » and trigger ’s reporting origin .
To find matching sources given an attribution trigger trigger :
-
For each source of the attribution source cache :
-
If source ’s attribution destinations does not contain trigger ’s attribution destination , continue .
-
If source ’s reporting origin and trigger ’s reporting origin are not same origin , continue .
-
If source ’s expiry time is less than or equal to trigger ’s trigger time , continue .
-
Append source to matchingSources .
-
-
Set matchingSources to the result of sorting matchingSources in descending order, with a being less than b if any of the following are true:
-
a ’s priority is equal to b ’s priority and a ’s source time is less than b ’s source time .
-
Return matchingSources .
To check if an attribution trigger contains aggregatable data given an attribution trigger trigger , run the following steps:
-
If trigger ’s aggregatable trigger data is not empty , return true.
-
If trigger ’s aggregatable values is not empty , return true.
-
Return false.
To trigger attribution given an attribution trigger trigger , run the following steps:
-
Let hasAggregatableData be the result of checking if an attribution trigger contains aggregatable data with trigger .
-
If trigger ’s event-level trigger configurations is empty and hasAggregatableData is false, return.
-
Let matchingSources be the result of running find matching sources with trigger .
-
If matchingSources is empty :
-
Run obtain and deliver a debug report on trigger registration with "
trigger-no-matching-source
", trigger and sourceToAttribute set to null. -
If hasAggregatableData is true, then run generate null reports and assign private state tokens with trigger and report set to null.
-
Return.
-
-
Let sourceToAttribute be matchingSources [0].
-
If the result of running match an attribution source’s filter data against filters and negated filters with sourceToAttribute , trigger ’s filters , and trigger ’s negated filters is false,
-
Run obtain and deliver a debug report on trigger registration with "
trigger-no-matching-filter-data
", trigger , and sourceToAttribute . -
If hasAggregatableData is true, then run generate null reports and assign private state tokens with trigger and report set to null.
-
Return.
-
-
Let rateLimitRecord be a new attribution rate-limit record with the items:
- scope
-
"
attribution
" - source site
-
sourceToAttribute ’s source site
- attribution destination
-
trigger ’s attribution destination
- reporting origin
-
sourceToAttribute ’s reporting origin
- time
-
sourceToAttribute ’s source time
- expiry time
-
null
-
Let eventLevelResult be the result of running trigger event-level attribution with trigger , sourceToAttribute , and rateLimitRecord .
-
Let aggregatableResult be the result of running trigger aggregatable attribution with trigger , sourceToAttribute , and rateLimitRecord .
-
Let eventLevelDebugData be eventLevelResult ’s debug data .
-
Let aggregatableDebugData be aggregatableResult ’s debug data .
-
If eventLevelDebugData is not null, then append eventLevelDebugData to debugDataList .
-
If aggregatableDebugData is not null:
-
If debugDataList is not empty , then run obtain and deliver a debug report with debugDataList and trigger ’s reporting origin .
-
If hasAggregatableData and aggregatableResult ’s status is "
dropped
", run generate null reports and assign private state tokens with trigger and report set to null. -
If both eventLevelResult ’s status and aggregatableResult ’s status are "
dropped
", return. -
Remove sourceToAttribute from matchingSources .
-
For each item of matchingSources :
-
Remove item from the attribution source cache .
-
-
If neither eventLevelResult ’s status nor aggregatableResult ’s status is "
attributed
", return. -
Append rateLimitRecord to the attribution rate-limit cache .
-
Remove all attribution rate-limit records entry from the attribution rate-limit cache if the result of running can attribution rate-limit record be removed with entry and trigger ’s trigger time is true.
12.12. Establishing report delivery time
To obtain early deadlines given a source type sourceType :
-
If sourceType is "
event
", return «». -
Return « 2 days, 7 days ».
To obtain effective deadlines given an source type sourceType and a duration eventReportWindow :
-
Let deadlines be the result of obtaining early deadlines given sourceType .
-
Remove all elements in deadlines that are greater than eventReportWindow .
-
Append eventReportWindow to deadlines .
-
Return deadlines .
To obtain the number of report windows given a source type sourceType and a duration eventReportWindow :
-
Let deadlines be the result of obtaining effective deadlines for sourceType and eventReportWindow .
-
Return the size of deadlines .
To obtain a report time from deadline given a moment sourceTime and a duration deadline :
-
Return sourceTime + deadline + 1 hour.
To obtain the report time at a window given an attribution source source and a non-negative integer window :
-
Let deadlines be the result of running obtain effective deadlines with source ’s source type and event report window .
-
Let deadline be deadlines [ window ].
-
Return the result of running obtain a report time from deadline with source ’s source time and deadline .
To obtain an event-level report delivery time given an attribution source source and a moment triggerTime :
-
Let deadlines be the result of obtaining effective deadlines with source .
-
Let deadlineToUse be the last item in deadlines .
-
For each deadline of deadlines :
-
Let time be source ’s source time + deadline .
-
If time is less than triggerTime , continue .
-
Set deadlineToUse to deadline .
-
Break .
-
-
Return the result of running obtain a report time from deadline with source ’s source time and deadlineToUse .
To obtain an aggregatable report delivery time given a moment triggerTime , perform the following steps. They return a moment .
-
Let r be a random double between 0 (inclusive) and 1 (exclusive) with uniform probability.
-
Return triggerTime + min aggregatable report delay + r * randomized aggregatable report delay .
12.13. Obtaining an event-level report
To obtain an event-level report given an attribution source source , an attribution trigger trigger , and an event-level trigger configuration config :
-
Let triggerDataCardinality be the user agent’s navigation-source trigger data cardinality .
-
If source ’s source type is "
event
", set triggerDataCardinality to the user agent’s event-source trigger data cardinality . -
Let reportTime be the result of running obtain an event-level report delivery time with source and trigger ’s trigger time .
-
Let report be a new event-level report struct whose items are:
- event ID
-
source ’s event ID .
- trigger data
-
The remainder when dividing config ’s trigger data by triggerDataCardinality .
- randomized trigger rate
-
source ’s randomized trigger rate .
- reporting origin
-
source ’s reporting origin .
- attribution destinations
-
source ’s attribution destinations .
- report time
-
reportTime
- original report time
-
reportTime
- trigger priority
-
config ’s priority .
- trigger time
-
trigger ’s trigger time .
- source identifier
-
source ’s source identifier .
- report id
-
The result of generating a random UUID .
- source debug key
-
source ’s debug key .
- trigger debug key
-
trigger ’s debug key .
-
Return report .
12.14. Obtaining an aggregatable report’s required budget
An aggregatable report report ’s required aggregatable budget is the total value of report ’s contributions .
12.15. Obtaining an aggregatable report
To obtain an aggregatable report given an attribution source source and an attribution trigger trigger :
-
Let reportTime be the result of running obtain an aggregatable report delivery time with trigger ’s trigger time .
-
Let report be a new aggregatable report struct whose items are:
- reporting origin
-
source ’s reporting origin .
- effective attribution destination
-
trigger ’s attribution destination .
- source time
-
source ’s source time .
- original report time
-
reportTime .
- report time
-
reportTime .
- report id
-
The result of generating a random UUID .
- source debug key
-
source ’s debug key .
- trigger debug key
-
trigger ’s debug key .
- contributions
-
The result of running create aggregatable contributions with source and trigger .
- serialized private state token
-
null.
- aggregation coordinator
-
trigger ’s aggregation coordinator .
- source registration time configuration
-
trigger ’s aggregatable source registration time configuration .
-
Return report .
12.16. Generating randomized null reports
To obtain a null report given an attribution trigger trigger and a moment sourceTime :
-
Let reportTime be the result of running obtain an aggregatable report delivery time with trigger ’s trigger time .
-
Let contribution be a new aggregatable contribution with the items:
-
Let report be a new aggregatable report struct whose items are:
- reporting origin
-
trigger ’s reporting origin
- effective attribution destination
-
trigger ’s attribution destination
- source time
-
sourceTime
- original report time
-
reportTime
- report time
-
reportTime
- report id
-
The result of generating a random UUID
- source debug key
-
null
- trigger debug key
-
trigger ’s debug key
- contributions
-
« contribution »
- serialized private state token
-
null
- aggregation coordinator
-
trigger ’s aggregation coordinator
- source registration time configuration
-
trigger ’s aggregatable source registration time configuration
- is null report
-
true
-
Return report .
To obtain rounded source time given a moment sourceTime , return sourceTime in seconds since the UNIX epoch, rounded down to a multiple of a whole day (86400 seconds).
To determine if a randomized null report is generated given a double randomPickRate :
-
Assert : randomPickRate is between 0 and 1 (both inclusive).
-
Let r be a random double beween 0 (inclusive) and 1 (exclusive) with uniform probability.
-
If r is less than randomPickRate , return true.
-
Otherwise, return false.
To generate null reports given an attribution trigger trigger and an optional aggregatable report report defaulting to null:
-
If trigger ’s aggregatable source registration time configuration is "
exclude
":-
If report is null and the result of determining if a randomized null report is generated with randomized null report rate excluding source registration time is true:
-
Let nullReport be the result of obtaining a null report with trigger and trigger ’s trigger time .
-
Append nullReport to the aggregatable report cache .
-
Append nullReport to nullReports .
-
-
-
Otherwise:
-
Let maxSourceExpiry be max source expiry .
-
Round maxSourceExpiry away from zero to the nearest day (86400 seconds).
-
Let roundedAttributedSourceTime be null.
-
If report is not null, set roundedAttributedSourceTime to the result of obtaining rounded source time with report ’s source time .
-
For each integer day between 0 (inclusive) and the number of days in maxSourceExpiry (inclusive):
-
Let fakeSourceTime be trigger ’s trigger time - day days.
-
If roundedAttributedSourceTime is not null and equals the result of obtaining rounded source time with fakeSourceTime :
-
Continue .
-
-
If the result of determining if a randomized null report is generated with randomized null report rate including source registration time is true:
-
Let nullReport be the result of obtaining a null report with trigger and fakeSourceTime .
-
Append nullReport to the aggregatable report cache .
-
Append nullReport to nullReports .
-
-
-
-
Return nullReports .
To shuffle a list list , reorder list ’s elements such that each possible permutation has equal probability of appearance.
To assign private state tokens given a list of aggregatable reports reports and an attribution trigger trigger :
-
If reports is empty , return.
-
Let privateStateTokens be trigger ’s serialized private state tokens .
-
If privateStateTokens is empty , return.
-
Shuffle reports .
-
Shuffle privateStateTokens .
-
Let n be the minimum of reports ’s size and privateStateTokens ’s size .
-
For each integer i between 0 (inclusive) and n (exclusive):
-
Set reports [i]'s serialized private state token to privateStateTokens [i].
-
Assign the ID associated with the private state token to report ID .
To generate null reports and assign private state tokens given an attribution trigger trigger and an optional aggregatable report report defaulting to null:
-
Let reports be the result of generating null reports with trigger and report .
-
If report is not null:
-
Append report to reports .
-
-
Run assign private state tokens with reports and trigger .
13. Report delivery
The user agent MUST periodically iterate over its event-level report cache and aggregatable report cache and run queue a report for delivery on each item.
To queue a report for delivery given an attribution report report and an environment settings objects context , run the following steps in parallel :
-
If report ’s delivered value is true, return.
-
Set report ’s delivered value to true.
-
If report ’s report time is less than context ’s current wall time , add an implementation-defined random non-negative duration to report ’s report time .
Note: On startup, it is possible the user agent will need to send many reports whose report times passed while the browser was closed. Adding random delay prevents temporal joining of reports from different source origin s.
-
Wait until context ’s current wall time is equal to report ’s report time .
-
Optionally, wait a further implementation-defined duration .
Note: This is intended to allow user agents to optimize device resource usage.
-
Run attempt to deliver a report with report .
13.1. Encode an unsigned k-bit integer
To encode an unsigned k-bit integer , represent it as a big-endian byte sequence of length k / 8, left padding with zero as necessary.
13.2. Obtaining an aggregatable report’s debug mode
An aggregatable report report ’s debug mode is the result of running the following steps:
-
If report ’s source debug key is null, return disabled .
-
If report ’s trigger debug key is null, return disabled .
-
Return enabled .
13.3. Obtaining an aggregatable report’s shared info
An aggregatable report report ’s shared info is the result of running the following steps:
-
Let reportingOrigin be report ’s reporting origin .
-
Let sharedInfo be an ordered map of the following key/value pairs:
-
"
api
" -
"
attribution-reporting
" -
"
attribution_destination
" -
report ’s effective attribution destination , serialized
-
"
report_id
" -
report ’s report ID
-
"
reporting_origin
" -
reportingOrigin , serialized
-
"
scheduled_report_time
" -
report ’s original report time in seconds since the UNIX epoch, serialized
-
"
version
" -
A string , API version.
-
"
-
If report ’s debug mode is enabled , set sharedInfo ["
debug_mode
"] to "enabled
". -
If report ’s source registration time configuration is "
include
", set sharedInfo ["source_registration_time
"] to the result of obtaining rounded source time with report ’s source time , serialized . -
Return the string resulting from executing serialize an infra value to a json string on sharedInfo .
13.4. Obtaining an aggregatable report’s aggregation service payloads
To obtain the public key for encryption given an aggregation coordinator aggregationCoordinator , asynchronously return a user-agent-determined public key or an error in the event that the user agent failed to obtain the public key.
Note: The user agent might enforce weekly key rotation. If there are multiple keys, the user agent might independently pick a key uniformly at random for every encryption operation. The key should be uniquely identifiable.
An aggregatable report report ’s plaintext payload is the result of running the following steps:
-
For each contribution of report ’s contributions :
-
Let payload be a map of the following key/value pairs:
-
"
data
" -
payloadData
-
"
operation
" -
"
histogram
"
-
"
-
Return the byte sequence resulting from CBOR encoding payload .
To obtain the encrypted payload given an aggregatable report report and a public key pkR , run the following steps:
-
Let plaintext be report ’s plaintext payload .
-
Let encodedSharedInfo be report ’s shared info , encoded .
-
Let info be the concatenation of «"
aggregation_service
", encodedSharedInfo ». -
Set up HPKE sender’s context with pkR and info .
-
Return the byte sequence or an error resulting from encrypting plaintext with the sender’s context .
To obtain the aggregation service payloads given an aggregatable report report , run the following steps:
-
Let pkR be the result of running obtain the public key for encryption with report ’s aggregation coordinator .
-
If pkR is an error, return pkR .
-
Let encryptedPayload be the result of running obtain the encrypted payload with report and pkR .
-
If encryptedPayload is an error, return encryptedPayload .
-
Let aggregationServicePayload be a map of the following key/value pairs:
-
"
payload
" -
encryptedPayload , base64 encoded
-
"
key_id
" -
A string identifying pkR
-
"
-
If report ’s debug mode is enabled , set aggregationServicePayload ["
debug_cleartext_payload
"] to report ’s plaintext payload , base64 encoded . -
Append aggregationServicePayload to aggregationServicePayloads .
-
Return aggregationServicePayloads .
13.5. Serialize attribution report body
To obtain an event-level report body given an attribution report report , run the following steps:
-
Let data be a map of the following key/value pairs:
-
"
attribution_destination
" -
report ’s attribution destinations , serialized .
-
"
randomized_trigger_rate
" -
report ’s randomized trigger rate
-
"
source_type
" -
report ’s source type
-
"
source_event_id
" -
report ’s event ID , serialized
-
"
trigger_data
" -
report ’s trigger data , serialized
-
"
report_id
" -
report ’s report ID
-
"
scheduled_report_time
" -
report ’s original report time in seconds since the UNIX epoch, serialized
-
"
-
If report ’s source debug key is not null, set data ["
source_debug_key
"] to report ’s source debug key , serialized . -
If report ’s trigger debug key is not null, set data ["
trigger_debug_key
"] to report ’s trigger debug key , serialized . -
Return data .
To serialize an event-level report report , run the following steps:
-
Let data be the result of running obtain an event-level report body with report .
-
Return the byte sequence resulting from executing serialize an infra value to JSON bytes on data .
To serialize an aggregatable report report , run the following steps:
-
Assert : report ’s effective attribution destination is not the opaque origin .
-
Let aggregationServicePayloads be the result of running obtain the aggregation service payloads .
-
If aggregationServicePayloads is an error, return aggregationServicePayloads .
-
Let data be a map of the following key/value pairs:
-
"
shared_info
" -
report ’s shared info
-
"
aggregation_service_payloads
" -
aggregationServicePayloads
-
"
aggregation_coordinator_identifier
" -
report ’s aggregation coordinator
-
"
-
If report ’s source debug key is not null, set data ["
source_debug_key
"] to report ’s source debug key , serialized . -
If report ’s trigger debug key is not null, set data ["
trigger_debug_key
"] to report ’s trigger debug key , serialized . -
Return the byte sequence resulting from executing serialize an infra value to JSON bytes on data .
To serialize an attribution report report , run the following steps:
-
If report is an:
- event-level report
- Return the result of running serialize an event-level report with report .
- aggregatable report
- Return the result of running serialize an aggregatable report with report .
Note:
The
inclusion
of
"
report_id
"
in
the
report
body
is
intended
to
allow
the
report
recipient
to
perform
deduplication
and
prevent
double
counting,
in
the
event
that
the
user
agent
retries
reports
on
failure.
To
prevent
the
report
recipient
from
learning
additional
information
about
whether
a
user
is
online,
retries
might
be
limited
in
number
and
subject
to
random
delays.
13.6. Serialize attribution debug report body
To serialize an attribution debug report report , run the following steps:
-
Return the byte sequence resulting from executing serialize an Infra value to JSON bytes on collection .
13.7. Get report request URL
To generate a report URL given a suitable origin reportingOrigin and a list of strings path :
-
Let reportUrl be a new URL record.
-
Let fullPath be «"
.well-known
", "attribution-reporting
"». -
Append path to fullPath .
-
Set reportUrl ’s path to path .
-
Return reportUrl .
To generate an attribution report URL given an attribution report report and an optional boolean isDebugReport (default false):
-
If isDebugReport is true, append "
debug
" to path . -
If report is an:
- event-level report
-
Append
"
report-event-attribution
" to path . - aggregatable report
-
Append
"
report-aggregate-attribution
" to path .
-
Return the result of running generate a report URL with report ’s reporting origin and path .
To generate an attribution debug report URL given an attribution debug report report :
-
Let path be «"
debug
", "verbose
"». -
Return the result of running generate a report URL with report ’s reporting origin and path .
13.8. Creating a report request
To create a report request given a URL url , a byte sequence body , and a header list newHeaders (defaults to an empty list ):
-
Let headers be a new header list containing a header named "
Content-Type
" whose value is "application/json
". -
For each header in newHeaders :
-
Append header to headers .
-
-
Let request be a new request with the following properties:
- method
-
"
POST
" - URL
-
url
- header list
-
headers
- body
- referrer
-
"
no-referrer
" - client
-
null
- window
-
"
no-window
" - service-workers mode
-
"
none
" - initiator
-
""
- mode
-
"
cors
" - unsafe-request flag
-
set
- credentials mode
-
"
omit
" - cache mode
-
"
no-store
"
-
Return request .
13.9. Get report request headers
To generate attribution report headers given an attribution report report :
-
Let newHeaders be a new header list .
-
If report is an aggregatable report :
-
If report ’s serialized private state token is not null, append a new header named "
Sec-Attribution-Reporting-Private-State-Token
" to newHeaders whose value is report ’s serialized private state token .
-
-
Return newHeaders .
13.10. Issuing a report request
This algorithm constructs a request and attempts to deliver it to a suitable origin .
To remove a report from the cache given an attribution report report :
-
If report is an:
- event-level report
- Queue a task to remove report from the event-level report cache .
- aggregatable report
- Queue a task to remove report from the aggregatable report cache .
To attempt to deliver a report given an attribution report report , run the following steps:
-
Let url be the result of executing generate an attribution report URL on report .
-
Let data be the result of executing serialize an attribution report on report .
-
If data is an error, run remove a report from the cache with report and return.
-
Let headers be the result of executing generate attribution report headers .
-
Let request be the result of executing create a report request on url , data , and headers .
-
Queue a task to fetch request with processResponse being remove a report from the cache with report .
This fetch should use a network partition key for an opaque origin. [Issue #220]
A user agent MAY retry this algorithm in the event that there was an error.
13.11. Issuing a debug report request
To attempt to deliver a debug report given an attribution report report :
-
Let url be the result of executing generate an attribution report URL on report with isDebugReport set to true.
-
Let data be the result of executing serialize an attribution report on report .
-
If data is an error, return.
-
Let headers be the result of executing generate attribution report headers .
-
Let request be the result of executing create a report request on url , data , and headers .
-
Fetch request .
13.12. Issuing a verbose debug request
To attempt to deliver a verbose debug report given an attribution debug report report :
-
Let url be the result of executing generate an attribution debug report URL on report .
-
Let data be the result of executing serialize an attribution debug report on report .
-
Let request be the result of executing create a report request on url and data .
-
Fetch request .
This fetch should use a network partition key for an opaque origin. [Issue #220]
A user agent MAY retry this algorithm in the event that there was an error.
14. Cross App and Web Algorithms
To get OS-registration URLs from a header list given a header list headers and a header name name :
-
Let values be the result of getting name from headers with a type of "
list
". -
If values is not a list , return null.
-
Let urls be a new list .
-
For each value of values :
-
Let url be the result of running the URL parser on value .
-
If url is failure or null, continue .
-
Append url to urls .
-
Return urls .
To get supported registrars :
-
Let supportedRegistrars be an empty ordered set .
-
If the user agent supports web registrations, append "
web
" to supportedRegistrars . -
If the user agent supports OS registrations, append "
os
" to supportedRegistrars . -
Return supportedRegistrars .
"
Attribution-Reporting-Support
"
is
a
Dictionary
Structured
Header
set
on
a
request
that
indicates
which
registrars,
if
any,
the
corresponding
response
can
use.
Its
values
are
not
specified
and
its
allowed
keys
are
the
registrars
.
To set an OS-support header given a header list headers :
-
Let supportedRegistrars be the result of getting supported registrars .
-
Let dict be an ordered map .
-
For each registrar of supportedRegistrars :
-
Set dict [ registrar ] to true.
-
-
Set a structured field value given ("
Attribution-Reporting-Support
", dict ) in headers .
15. Security considerations
TODO16. Privacy consideration
TODO16.1. Clearing attribution storage
A user agent’s attribution caches contain data about a user’s web activity. When a user agent clears an origin’s storage, it MUST also remove entries in the attribution caches whose source origin , attribution destinations , reporting origin , attribution destinations , or reporting origin is the same as the cleared origin.
A user agent MAY clear attribution cache entries at other times. For example, when a user agent clears an origin from a user’s browsing history.