Avoiding duplicate conversion measurement requests

[martinthomson]

In discussions today, it was observed that there was likely a few ways in which a site might accidentally ask for conversion measurement multiple times. Not all of that would be the result of an error on the part of the site developers; browser retry requests and it isn't always easy to avoid setting a header; pages reload and you can't always stop actions from occurring.

Duplicates are especially bad for measureConversion, because that means spending budget multiple times.

Having a way for sites to mark requests so that the browser could perform de-duplication before spending budget seems like a pretty simple thing to do with potentially high value.

Basic idea, add a nonce attribute to each conversion measurement query. The browser would then store nonces that it has acted upon and the response that it generated. This would be for a short period and best-effort only, so the protection wouldn't be forever, but it should at least help.

The same protection can be added to both JS and HTTP APIs.

Charlie mentioned that there was a separate desire to build in client-driven retries for the different APIs. This is a separable issue and one that can be pursued as an improvement to the web platform¹.

Footnotes

1. There is a keepalive attribute on fetch, but that doesn't include the ability to retry failed requests. Maybe having keepalive requests retried is in line with expectations for that API. ↩

[apasel422]

Basic idea, add a nonce attribute to each conversion measurement query. The browser would then store nonces that it has acted upon and the response that it generated. This would be for a short period and best-effort only, so the protection wouldn't be forever, but it should at least help.

What would the scope of these nonces be? And would it make sense to allow the site to control the nonce's expiry (alongside a reasonable default and maximum)?