Payment Request API | W3C

Payment Request API; W3C; 2017-09-21.

  • Adrian Bateman, Microsoft Corporation
  • Zach Koch, Google
  • Roy McElmurry, Facebook
  • Domenic Denicola, Google
  • Marcos Cáceres, Mozilla


WebRTC and STUN for intra-LAN exploration & end-user tracking


  • WebRTC, promotional site
  • Availabilities
    all the browsers that matter

    • Android
    • Chrome (Linux, Android, Windows)
    • Firefox
    • Opera
    • Safari (iOS)




  • RFC 7350Datagram Transport Layer Security (DTLS) as Transport for Session Traversal Utilities for NAT (STUN); Petit-Huguenin, Salgueiro; IETF; 2014-08.
  • RFC 7064URI Scheme for the Session Traversal Utilities for NAT (STUN) Protocol; Nandakumar, Salgueiro, Jones, Petit-Huguenin; IETF; 2013-11.
  • RFC 5928Traversal Using Relays around NAT (TURN) Resolution Mechanism; Petit-Huguenin; IETF; 2010-08.
  • RFC 5389Session Traversal Utilities for NAT (STUN); Rosenberg, Mahy, Matthews, Wing; IETF; 2008-10.

    • RFC 3489STUN – Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs); Rosenberg, Weinberger, Huitema, Mahy; 2003-03.

In Jimi Wales’ Wiki.



In archaeological order


665909webrtc WebRCT Tracking; In Bugzilla of Mozilla; 2011-06-21 →2016-01-11; Closed as INVALID

Some droid using the self-asserted identity token cchen; How to Stop WebRTC Local IP Address Leaks on Google Chrome and Mozilla Firefox While Using Private IPs; In Privacy Online Forums; 2015-01→2015-03.


  • Availability
    of the problem (not of WebRTC in general)

    • Chrome of Google
      • Windows
    • Firefox of Mozilla
      • Unclear, perhaps Windows only
    • Internet Explorer of Microsoft
      WebRTC is not available at all.
    • Opera of Mozilla
      • Unclear
    • Safari of Apple
      WebRTC is not available except through a plugin
    • Unavailable
      • Chrome of Google
        • OS/X
        • Android
      • Linux at all
        not clear; not mentioned at all.
  • Blocking
    • Chrome of Google
    • Firefox of Mozilla
      • Production
        • about:config
        • media.peerconnection.enabled set to true (default true)
      • Development

        • Canary
        • Nightly
        • Bowser
    • Opera of Opera
  • API Directory
    • voice calls
    • video chats
    • p2p file sharing


  • Chrome
    default is available and active
  • Firefox
    • about:config
    • media.peerconnection.enabled set to true (default true)
  • Opera
    only when configured, with a plugin, to run Google Chrome extensions


webrtc-ips, a STUN & WebRTC test rig

  • diafygi/webrtc-ips
  • via on-page JavaScript, makes latent requests to certain STUN servers.
  • Firefox 34 → Does. Not. Work.
  • Fails with
    Error: RTCPeerConnection constructor passed invalid RTCConfiguration - missing url webrtc-ips:58


  • Private Internet Access (PIA)
  • Real-Time-Communication (RTC)
  • Virtual Private Network (VPN)
  • WebRTC


In Privacy Online Forums:


  • 2013
  •  Since WebRTC uses javascript requests to get your IP address, users of NoScript or similar services will not leak their IP addresses.

Via: backfill.


  • about:config
  • media.peerconnection.enabled set to true (default true)

The App-ocalypse: Can Web standards make mobile apps obsolete? | Ars Technica

The App-ocalypse: Can Web standards make mobile apps obsolete?; Larry Seltzer; In Ars Technica; 2015-12-28.
Teaser: Many big tech companies—absent Apple—are throwing weight behind a browser-based world.

tl;dr → Betteridge’s Law; i.e. No.

  • WebApps are a Google-culture thing.
  • And good luck with Apple; they are intransigent in their non-interest.


In (the arbitrary) order of appearance in the piece:



Via: backfill.

SubResource Integrity (SRI)


  • Blink/Chromium → 355467Subresource Integrity; In Google Chromium Bugzilla; 2014-03-24.
  • Gecko → 992096 Implement Subresource Integrity; In Mozilla Bugzilla; 2014-09-03.
  • Subresource Integrity (SRI) Manager, a WordPress Plugin;; 2015-06-15.
    requires WordPress v4.1 to WordPress 4.2.5.





SRI Hash Generator

cat FILENAME.js |
openssl dgst -sha384 -binary |
openssl enc -base64 -A
<script src=""

Fetch API of HTML5


  • Fetch bodies are read “at most once.”
  • Fetch responses may use streams, some day.
    … to deliver data to the applicatino “as it arrives.”
  • <quote cite=”ref“>Along with the transition to streams, Fetch will eventually have the ability to abort running fetch()es and some way to report the progress of a fetch. These are provided by XHR, but are a little tricky to fit in the Promise-based nature of the Fetch API.</quote>




Via: article

fetch("/data.json").then(function(res) {
  // res instanceof Response == true.
  if (res.ok) {
    res.json().then(function(data) {
  } else {
    console.log("Looks like the response wasn't perfect, got status", res.status);
}, function(e) {
  console.log("Fetch failed!", e);
fetch("", {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded"
  body: "firstName=Nikhil&favColor=blue&password=easytoguess"
}).then(function(res) {
  if (res.ok) {
    alert("Perfect! Your settings are saved.");
  } else if (res.status == 401) {
    alert("Oops! You are not authorized.");
}, function(e) {
  alert("Error submitting form!");

Javascript Object Signing and Encryption (JOSE)

See Javascript Object Signing and Encryption (JOSE) at IETF

draft-ietf-jose-cookbook-08 Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE) 2014-12-24
draft-ietf-jose-json-web-algorithms-40 JSON Web Algorithms (JWA) 2015-01-13
draft-ietf-jose-json-web-encryption-40 JSON Web Encryption (JWE) 2015-01-13
draft-ietf-jose-json-web-key-41 JSON Web Key (JWK) 2015-01-16
draft-ietf-jose-json-web-signature-41 JSON Web Signature (JWS) 2015-01-16
draft-ietf-jose-jwk-thumbprint-04 JSON Web Key (JWK) Thumbprint 2015-03-03
RFC 7165
(was draft-ietf-jose-use-cases)
Use Cases and Requirements for JSON Object Signing and Encryption (JOSE) 2014-04
draft-bormann-jose-cose-00 Constrained Object Signing and Encryption (COSE) 2014-10-27
draft-jones-jose-key-managed-json-web-signature-00 Key Managed JSON Web Signature (KMJWS) 2015-03-03

Geofencing API | W3C

Geofencing API; editor: Marijn Kuisselbrink (Google); W3C; 2015-03-18.


  • Service Workers; editors: Alex Russell (Google), Jungkee Song (Samsung), Jake Archibald (Google); Working Draft; W3C; 2015-02-03.
  • Geolocation API Specification; editor: Andrei Popescu.(Google);  Recommendation; W3C; 2013-10-24.
  • Web IDL; editor: Cameron McCormack (Mozilla); Candidate Recommendation; W3C; 2012-04-19.


The following code extracts illustrate how to use this API to be notified of geographic regions being entered or left.

Example 1: Monitor a region
  function(serviceWorkerRegistration) {
        new CircularGeofenceRegion({
          name: "myfence",
          latitude: 37.421999,
          longitude: -122.084015,
          radius: 1000
        }), {includePosition: true}).then(
      function(geofence) {
        // If more than just a name needs to be stored with a geofence, now
        // would be the time to store this in some storage.
      }, function(error) {
        // During development it often helps to log errors to the
        // console. In a production environment it might make sense to
        // also report information about errors back to the
        // application server.
Example 2: Respond to a region being entered
self.ongeofenceenter = function(event) {

  // If this is not a geofence of interest anymore, remove it.
  if ( !== "myfence") {
Example 3: Respond to an error condition
self.ongeofenceerror = function(event) {

  // Some error condition occured. The region is no longer monitored, and won't
  // trigger any more events.

  // Try to re-monitor, although depending on the error this might fail.
    function(geofence) {
      // re-monitoring succeeded, new geofence will have a different ID.
    }, function(error) {
      // re-monitoring failed.
Example 4: Unmonitor a region in response to some other event

// Either look geofence up by name:
self.onsomeevent = function(event) {
  event.waitUntil(self.registration.geofencing.getAll({name: "myfence"}).then(
    function(geofences) {
      for (let i = 0; i < geofences.length; ++i) {

// Or look geofence up by ID:
self.onsomeotherevent = function(event) {
  let geofence_id = "" /* somehow get the ID of a geofence */;
    function(geofence) {

Via: backfill

Beacon API (navigator.sendBeacon) | W3C

Beacon; editors: Arvind Jain (Google), Jatinder Mann (Microsoft); W3C; 2014-02-12.


  • Web IDL; editor: Cameron McCormack (Mozilla); Candidate Recommendation; W3C; 2012-04-19.


The following example shows a theoretical analytics code that attempts to submit data to a server by using a synchronous XMLHttpRequest in an unload handler. This results in the unload of the page to be delayed.

window.addEventListener('unload', logData, false);

function logData() {
    var client = new XMLHttpRequest();"POST", "/log", false); // third parameter indicates sync xhr
    client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");

Using the sendBeacon method, the data will be transmitted asynchronously to the web server when the User Agent has had an opportunity to do so, without delaying the unload or affecting the performance of the next navigation.

The following example shows a theoretical analytics code pattern that submits data to a server using the by using the sendBeacon method.

window.addEventListener('unload', logData, false);

function logData() {
    navigator.sendBeacon("/log", analyticsData);


Via: backfill


httpp and httpps



  • 2010-Current.
  • 2012-10-28, announced to the

httpu and httpmu

draft-goland-http-udp-01Multicast and Unicast UDP HTTP Messages; Yaron Y. Goland (Microsoft); 1999-11-09 (expired: 2000-04).

  • New protocol names: httpu and httpmu
  • For httpmu the lack of a URI (a path) means *by some rationale (Section 5.3).
    • httpu:// and httpu:// are the same and have an implied path of / (slash)
    • httpmu:// and httpmu:// are different wherein the former has a path of * (star) and the latter has a path of / (slash), as per usual.
  • New headers (Section 11)
    • AL is like Location, but allows for multiple redirect locations
    • mx is a response-delay advisory, in integral seconds (not fractional seconds).
    • S is a unique client identifier, unique across all time; requests without an S don’t require a response.
  • Cookies are not implementable in Somethings(S, Serial Sequence, Something; that globally unique Request Identifier)
    • Cookies are:
      • sent out by servers
      • returned by clients
    • Somethingsare:
      • sent out by clients
      • returned by servers
  • SSDP Mailing List (circa 1999)


  • TURN
  • STUN



General UDP

at Jimi Wales’ Wiki


ServiceWorker of HTML5



  • Push Notifications
  • Offline First
  • Background Sync


  • ServiceWorker is like SharedWorker
    • Own thread.
    • No DOM, no page access, no need for a page.
    • Has an upgrade model.
    • HTTPS only.
  • Cross Origin Resource Sharing (CORS)
    • by default,
    • but no-cors is possible
  • ECMAScript
    • ECMAScript 5 (ES5)
    • ECMAScript 6 (ES6)
    • ECMAScript 7 (ES7)
      • async functions
      • await




  • about:config
    • dom.serviceWorker.enabled
    • dom.serviceWorkers.testing.enabled





User Agent Detection


Let’s Encrypt

Let’s Encrypt

Internet Security Research Group (ISRG)


  • Mozilla
  • Akamai
  • Cisco
  • Electronic Frontier Foundation (EFF)
  • IdentTrust




  1. Your Public Key exists (and is public)
  2. [Automated] proof of domain ownership
    1. a DNS record in your domain
    2. a URI on your server in the domain
  3. Client to Let’s Encrypt (LE)
    1. Client requests service from LE
    2. LE responds with a nonce to be signed
    3. Client is validated
  4. Client requests a Certificate
    1. Client initiates a PKCS#10 Certificate Signing Request
    2. …etc…

How It Works

$ sudo apt-get install lets-encrypt
$ lets-encrypt

Via: backfill

Proxygen by Facebook, a C++ HTTP Framework

Daniel Sommermann, Alan Frindell (Facebook); Introducing Proxygen, Facebook’s C++ HTTP Framework; In Their Blog; 2014-11-09.



Language LOC App LOC Test LOC
am 695 572 123
c++ 47,712 35,075 12,637
py 163 163 0
sh 84 84 0
total 48,654 35,894 12,760

Language (C++)

  • C++11
  • In-class initializers
  • Uniform Initialization
    • brace-enclosed initializers
    • in-class initializers
  • move semantics
  • namespaces
  • const
  • return value optimization (functions returning containers)
  • seems formatted for 80 character teletype screens.
  • std::unique_ptr
  • bool as single bitfield
  • range for loop
  • auto
  • std::string in lieu of char * (sometimes)
  • std::vector in lieu of arrays (sometimes)
  • attributes
    • final
    • ifunc (indirect function, per ELF)
    • noexcept
    • override
    • __attribute__((constructor))
  • static_assert
  • std::function
  • std::thread
  • std::chrono (seconds, milliseconds)


  • Python
  • Ruby
  • gperf

Physical Design

  • (outline) function definitions separated from the function declaration (mostly)
  • roughly one class per file
  • Suffixes
    • *.hpp
    • *.cpp

Build System

  • autotools (automake, autoconf)
  • doxygen


  • Ubuntu


Via: backfill




LOC File
264 ./proxygen/proxygen/
27 ./proxygen/proxygen/httpserver/
10 ./proxygen/proxygen/httpserver/samples/echo/
1 ./proxygen/proxygen/httpserver/samples/
1 ./proxygen/proxygen/lib/http/codec/
135 ./proxygen/proxygen/lib/http/
1 ./proxygen/proxygen/lib/http/session/
13 ./proxygen/proxygen/lib/
29 ./proxygen/proxygen/lib/services/
28 ./proxygen/proxygen/lib/ssl/
62 ./proxygen/proxygen/lib/utils/
1 ./proxygen/proxygen/
2381 ./proxygen/proxygen/external/http_parser/http_parser_cpp.cpp
319 ./proxygen/proxygen/external/http_parser/http_parser.h
3142 ./proxygen/proxygen/external/http_parser/test.c
59 ./proxygen/proxygen/httpserver/filters/DirectResponseHandler.h
125 ./proxygen/proxygen/httpserver/Filters.h
106 ./proxygen/proxygen/httpserver/filters/RejectConnectFilter.h
92 ./proxygen/proxygen/httpserver/HTTPServerAcceptor.cpp
48 ./proxygen/proxygen/httpserver/HTTPServerAcceptor.h
205 ./proxygen/proxygen/httpserver/HTTPServer.cpp
142 ./proxygen/proxygen/httpserver/HTTPServer.h
86 ./proxygen/proxygen/httpserver/HTTPServerOptions.h
78 ./proxygen/proxygen/httpserver/Mocks.h
186 ./proxygen/proxygen/httpserver/RequestHandlerAdaptor.cpp
74 ./proxygen/proxygen/httpserver/RequestHandlerAdaptor.h
76 ./proxygen/proxygen/httpserver/RequestHandlerFactory.h
99 ./proxygen/proxygen/httpserver/RequestHandler.h
198 ./proxygen/proxygen/httpserver/ResponseBuilder.h
84 ./proxygen/proxygen/httpserver/ResponseHandler.h
56 ./proxygen/proxygen/httpserver/samples/echo/EchoHandler.cpp
47 ./proxygen/proxygen/httpserver/samples/echo/EchoHandler.h
87 ./proxygen/proxygen/httpserver/samples/echo/EchoServer.cpp
41 ./proxygen/proxygen/httpserver/samples/echo/EchoStats.h
192 ./proxygen/proxygen/httpserver/ScopedHTTPServer.h
36 ./proxygen/proxygen/httpserver/SignalHandler.cpp
37 ./proxygen/proxygen/httpserver/SignalHandler.h
218 ./proxygen/proxygen/lib/http/codec/CodecDictionaries.h
92 ./proxygen/proxygen/lib/http/codec/CodecProtocol.cpp
51 ./proxygen/proxygen/lib/http/codec/CodecProtocol.h
409 ./proxygen/proxygen/lib/http/codec/compress/GzipHeaderCodec.cpp
96 ./proxygen/proxygen/lib/http/codec/compress/GzipHeaderCodec.h
128 ./proxygen/proxygen/lib/http/codec/compress/HeaderCodec.h
46 ./proxygen/proxygen/lib/http/codec/compress/Header.h
61 ./proxygen/proxygen/lib/http/codec/compress/HeaderPiece.h
210 ./proxygen/proxygen/lib/http/codec/compress/HeaderTable.cpp
221 ./proxygen/proxygen/lib/http/codec/compress/HeaderTable.h
105 ./proxygen/proxygen/lib/http/codec/compress/HPACKCodec.cpp
56 ./proxygen/proxygen/lib/http/codec/compress/HPACKCodec.h
50 ./proxygen/proxygen/lib/http/codec/compress/HPACKConstants.h
59 ./proxygen/proxygen/lib/http/codec/compress/HPACKContext.cpp
58 ./proxygen/proxygen/lib/http/codec/compress/HPACKContext.h
105 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecodeBuffer.cpp
84 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecodeBuffer.h
167 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecoder.cpp
78 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecoder.h
112 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncodeBuffer.cpp
94 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncodeBuffer.h
155 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncoder.cpp
75 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncoder.h
36 ./proxygen/proxygen/lib/http/codec/compress/HPACKHeader.cpp
81 ./proxygen/proxygen/lib/http/codec/compress/HPACKHeader.h
345 ./proxygen/proxygen/lib/http/codec/compress/Huffman.cpp
138 ./proxygen/proxygen/lib/http/codec/compress/Huffman.h
158 ./proxygen/proxygen/lib/http/codec/compress/Logging.cpp
39 ./proxygen/proxygen/lib/http/codec/compress/Logging.h
111 ./proxygen/proxygen/lib/http/codec/compress/StaticHeaderTable.cpp
24 ./proxygen/proxygen/lib/http/codec/compress/StaticHeaderTable.h
39 ./proxygen/proxygen/lib/http/codec/ErrorCode.cpp
52 ./proxygen/proxygen/lib/http/codec/ErrorCode.h
124 ./proxygen/proxygen/lib/http/codec/FlowControlFilter.cpp
97 ./proxygen/proxygen/lib/http/codec/FlowControlFilter.h
1071 ./proxygen/proxygen/lib/http/codec/HTTP1xCodec.cpp
196 ./proxygen/proxygen/lib/http/codec/HTTP1xCodec.h
49 ./proxygen/proxygen/lib/http/codec/HTTPChecks.cpp
38 ./proxygen/proxygen/lib/http/codec/HTTPChecks.h
263 ./proxygen/proxygen/lib/http/codec/HTTPCodecFilter.cpp
175 ./proxygen/proxygen/lib/http/codec/HTTPCodecFilter.h
468 ./proxygen/proxygen/lib/http/codec/HTTPCodec.h
74 ./proxygen/proxygen/lib/http/codec/HTTPSettings.cpp
71 ./proxygen/proxygen/lib/http/codec/HTTPSettings.h
16 ./proxygen/proxygen/lib/http/codec/SettingsId.cpp
44 ./proxygen/proxygen/lib/http/codec/SettingsId.h
1584 ./proxygen/proxygen/lib/http/codec/SPDYCodec.cpp
378 ./proxygen/proxygen/lib/http/codec/SPDYCodec.h
163 ./proxygen/proxygen/lib/http/codec/SPDYConstants.cpp
130 ./proxygen/proxygen/lib/http/codec/SPDYConstants.h
81 ./proxygen/proxygen/lib/http/codec/SPDYUtil.cpp
144 ./proxygen/proxygen/lib/http/codec/SPDYUtil.h
16 ./proxygen/proxygen/lib/http/codec/SPDYVersion.h
47 ./proxygen/proxygen/lib/http/codec/SPDYVersionSettings.h
33 ./proxygen/proxygen/lib/http/codec/TransportDirection.cpp
28 ./proxygen/proxygen/lib/http/codec/TransportDirection.h
61 ./proxygen/proxygen/lib/http/HTTPCommonHeaders.template.h
167 ./proxygen/proxygen/lib/http/HTTPConnector.cpp
152 ./proxygen/proxygen/lib/http/HTTPConnector.h
32 ./proxygen/proxygen/lib/http/HTTPConstants.cpp
67 ./proxygen/proxygen/lib/http/HTTPConstants.h
31 ./proxygen/proxygen/lib/http/HTTPException.cpp
169 ./proxygen/proxygen/lib/http/HTTPException.h
308 ./proxygen/proxygen/lib/http/HTTPHeaders.cpp
423 ./proxygen/proxygen/lib/http/HTTPHeaders.h
34 ./proxygen/proxygen/lib/http/HTTPHeaderSize.h
831 ./proxygen/proxygen/lib/http/HTTPMessage.cpp
98 ./proxygen/proxygen/lib/http/HTTPMessageFilters.h
724 ./proxygen/proxygen/lib/http/HTTPMessage.h
45 ./proxygen/proxygen/lib/http/HTTPMethod.cpp
59 ./proxygen/proxygen/lib/http/HTTPMethod.h
34 ./proxygen/proxygen/lib/http/ProxygenErrorEnum.cpp
73 ./proxygen/proxygen/lib/http/ProxygenErrorEnum.h
81 ./proxygen/proxygen/lib/http/RFC2616.cpp
73 ./proxygen/proxygen/lib/http/RFC2616.h
23 ./proxygen/proxygen/lib/http/session/AckLatencyEvent.h
33 ./proxygen/proxygen/lib/http/session/ByteEvents.cpp
105 ./proxygen/proxygen/lib/http/session/ByteEvents.h
171 ./proxygen/proxygen/lib/http/session/ByteEventTracker.cpp
85 ./proxygen/proxygen/lib/http/session/ByteEventTracker.h
67 ./proxygen/proxygen/lib/http/session/CodecErrorResponseHandler.cpp
42 ./proxygen/proxygen/lib/http/session/CodecErrorResponseHandler.h
122 ./proxygen/proxygen/lib/http/session/HTTPDirectResponseHandler.cpp
52 ./proxygen/proxygen/lib/http/session/HTTPDirectResponseHandler.h
89 ./proxygen/proxygen/lib/http/session/HTTPDownstreamSession.cpp
73 ./proxygen/proxygen/lib/http/session/HTTPDownstreamSession.h
34 ./proxygen/proxygen/lib/http/session/HTTPErrorPage.cpp
70 ./proxygen/proxygen/lib/http/session/HTTPErrorPage.h
47 ./proxygen/proxygen/lib/http/session/HTTPEvent.cpp
126 ./proxygen/proxygen/lib/http/session/HTTPEvent.h
102 ./proxygen/proxygen/lib/http/session/HTTPSessionAcceptor.cpp
141 ./proxygen/proxygen/lib/http/session/HTTPSessionAcceptor.h
71 ./proxygen/proxygen/lib/http/session/HTTPSessionController.h
2002 ./proxygen/proxygen/lib/http/session/HTTPSession.cpp
832 ./proxygen/proxygen/lib/http/session/HTTPSession.h
25 ./proxygen/proxygen/lib/http/session/HTTPSessionStats.h
933 ./proxygen/proxygen/lib/http/session/HTTPTransaction.cpp
118 ./proxygen/proxygen/lib/http/session/HTTPTransactionEgressSM.cpp
71 ./proxygen/proxygen/lib/http/session/HTTPTransactionEgressSM.h
1155 ./proxygen/proxygen/lib/http/session/HTTPTransaction.h
134 ./proxygen/proxygen/lib/http/session/HTTPTransactionIngressSM.cpp
73 ./proxygen/proxygen/lib/http/session/HTTPTransactionIngressSM.h
116 ./proxygen/proxygen/lib/http/session/HTTPUpstreamSession.cpp
95 ./proxygen/proxygen/lib/http/session/HTTPUpstreamSession.h
66 ./proxygen/proxygen/lib/http/session/SimpleController.cpp
66 ./proxygen/proxygen/lib/http/session/SimpleController.h
162 ./proxygen/proxygen/lib/http/session/TransportFilter.cpp
124 ./proxygen/proxygen/lib/http/session/TransportFilter.h
27 ./proxygen/proxygen/lib/http/session/TTLBAStats.h
96 ./proxygen/proxygen/lib/http/Window.cpp
84 ./proxygen/proxygen/lib/http/Window.h
59 ./proxygen/proxygen/lib/services/AcceptorConfiguration.h
444 ./proxygen/proxygen/lib/services/Acceptor.cpp
342 ./proxygen/proxygen/lib/services/Acceptor.h
56 ./proxygen/proxygen/lib/services/ConnectionCounter.h
54 ./proxygen/proxygen/lib/services/HTTPAcceptor.h
45 ./proxygen/proxygen/lib/services/LoadShedConfiguration.cpp
109 ./proxygen/proxygen/lib/services/LoadShedConfiguration.h
60 ./proxygen/proxygen/lib/services/NetworkAddress.h
40 ./proxygen/proxygen/lib/services/RequestWorker.cpp
89 ./proxygen/proxygen/lib/services/RequestWorker.h
126 ./proxygen/proxygen/lib/services/ServerSocketConfig.h
58 ./proxygen/proxygen/lib/services/ServiceConfiguration.h
33 ./proxygen/proxygen/lib/services/Service.cpp
137 ./proxygen/proxygen/lib/services/Service.h
102 ./proxygen/proxygen/lib/services/ServiceWorker.h
66 ./proxygen/proxygen/lib/services/TransportInfo.cpp
279 ./proxygen/proxygen/lib/services/TransportInfo.h
160 ./proxygen/proxygen/lib/services/WorkerThread.cpp
129 ./proxygen/proxygen/lib/services/WorkerThread.h
24 ./proxygen/proxygen/lib/ssl/ClientHelloExtStats.h
53 ./proxygen/proxygen/lib/ssl/DHParam.h
31 ./proxygen/proxygen/lib/ssl/PasswordInFile.cpp
38 ./proxygen/proxygen/lib/ssl/PasswordInFile.h
23 ./proxygen/proxygen/lib/ssl/SSLCacheOptions.h
69 ./proxygen/proxygen/lib/ssl/SSLCacheProvider.h
95 ./proxygen/proxygen/lib/ssl/SSLContextConfig.h
654 ./proxygen/proxygen/lib/ssl/SSLContextManager.cpp
186 ./proxygen/proxygen/lib/ssl/SSLContextManager.h
354 ./proxygen/proxygen/lib/ssl/SSLSessionCacheManager.cpp
293 ./proxygen/proxygen/lib/ssl/SSLSessionCacheManager.h
42 ./proxygen/proxygen/lib/ssl/SSLStats.h
76 ./proxygen/proxygen/lib/ssl/SSLUtil.cpp
102 ./proxygen/proxygen/lib/ssl/SSLUtil.h
308 ./proxygen/proxygen/lib/ssl/TLSTicketKeyManager.cpp
198 ./proxygen/proxygen/lib/ssl/TLSTicketKeyManager.h
20 ./proxygen/proxygen/lib/ssl/TLSTicketKeySeeds.h
60 ./proxygen/proxygen/lib/utils/CobHelper.h
76 ./proxygen/proxygen/lib/utils/CryptUtil.cpp
22 ./proxygen/proxygen/lib/utils/CryptUtil.h
84 ./proxygen/proxygen/lib/utils/DestructorCheck.h
71 ./proxygen/proxygen/lib/utils/DomainNameMisc.h
34 ./proxygen/proxygen/lib/utils/Exception.cpp
46 ./proxygen/proxygen/lib/utils/Exception.h
358 ./proxygen/proxygen/lib/utils/FilterChain.h
43 ./proxygen/proxygen/lib/utils/HTTPTime.cpp
20 ./proxygen/proxygen/lib/utils/HTTPTime.h
16 ./proxygen/proxygen/lib/utils/NullTraceEventObserver.cpp
23 ./proxygen/proxygen/lib/utils/NullTraceEventObserver.h
159 ./proxygen/proxygen/lib/utils/ParseURL.cpp
112 ./proxygen/proxygen/lib/utils/ParseURL.h
242 ./proxygen/proxygen/lib/utils/Result.h
38 ./proxygen/proxygen/lib/utils/SocketOptions.cpp
24 ./proxygen/proxygen/lib/utils/SocketOptions.h
46 ./proxygen/proxygen/lib/utils/StateMachine.h
37 ./proxygen/proxygen/lib/utils/TestUtils.h
128 ./proxygen/proxygen/lib/utils/Time.h
32 ./proxygen/proxygen/lib/utils/TraceEventContext.h
130 ./proxygen/proxygen/lib/utils/TraceEvent.cpp
139 ./proxygen/proxygen/lib/utils/TraceEvent.h
24 ./proxygen/proxygen/lib/utils/TraceEventObserver.h
24 ./proxygen/proxygen/lib/utils/UtilInl.h
163 ./proxygen/proxygen/lib/utils/
54 ./proxygen/proxygen/
30 ./proxygen/proxygen/
11 ./proxygen/proxygen/httpserver/tests/
21 ./proxygen/proxygen/lib/http/codec/test/
21 ./proxygen/proxygen/lib/http/session/test/
14 ./proxygen/proxygen/lib/http/test/
16 ./proxygen/proxygen/lib/ssl/test/
27 ./proxygen/proxygen/lib/test/
13 ./proxygen/proxygen/lib/utils/test/
97 ./proxygen/proxygen/httpserver/samples/echo/test/EchoHandlerTest.cpp
154 ./proxygen/proxygen/httpserver/tests/HTTPServerTest.cpp
35 ./proxygen/proxygen/lib/http/codec/compress/test/HeaderPieceTests.cpp
134 ./proxygen/proxygen/lib/http/codec/compress/test/HeaderTableTests.cpp
345 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKBufferTests.cpp
283 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKCodecTests.cpp
202 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKContextTests.cpp
65 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKHeaderTests.cpp
96 ./proxygen/proxygen/lib/http/codec/compress/test/HTTPArchive.cpp
37 ./proxygen/proxygen/lib/http/codec/compress/test/HTTPArchive.h
312 ./proxygen/proxygen/lib/http/codec/compress/test/HuffmanTests.cpp
146 ./proxygen/proxygen/lib/http/codec/compress/test/LoggingTests.cpp
212 ./proxygen/proxygen/lib/http/codec/compress/test/RFCExamplesTests.cpp
61 ./proxygen/proxygen/lib/http/codec/compress/test/TestUtil.cpp
28 ./proxygen/proxygen/lib/http/codec/compress/test/TestUtil.h
222 ./proxygen/proxygen/lib/http/codec/test/FilterTests.cpp
130 ./proxygen/proxygen/lib/http/codec/test/HTTP1xCodecTest.cpp
130 ./proxygen/proxygen/lib/http/codec/test/MockHTTPCodec.h
1228 ./proxygen/proxygen/lib/http/codec/test/SPDYCodecTest.cpp
207 ./proxygen/proxygen/lib/http/codec/test/TestUtils.cpp
237 ./proxygen/proxygen/lib/http/codec/test/TestUtils.h
226 ./proxygen/proxygen/lib/http/session/test/DownstreamTransactionTest.cpp
1367 ./proxygen/proxygen/lib/http/session/test/HTTPDownstreamSessionTest.cpp
154 ./proxygen/proxygen/lib/http/session/test/HTTPSessionAcceptorTest.cpp
226 ./proxygen/proxygen/lib/http/session/test/HTTPSessionMocks.h
71 ./proxygen/proxygen/lib/http/session/test/HTTPSessionTest.h
153 ./proxygen/proxygen/lib/http/session/test/HTTPTransactionMocks.h
169 ./proxygen/proxygen/lib/http/session/test/HTTPTransactionSMTest.cpp
1411 ./proxygen/proxygen/lib/http/session/test/HTTPUpstreamSessionTest.cpp
1368 ./proxygen/proxygen/lib/http/session/test/MockCodecDownstreamTest.cpp
41 ./proxygen/proxygen/lib/http/session/test/TestUtils.cpp
34 ./proxygen/proxygen/lib/http/session/test/TestUtils.h
463 ./proxygen/proxygen/lib/http/test/HTTPMessageTest.cpp
49 ./proxygen/proxygen/lib/http/test/MockHTTPMessageFilter.h
128 ./proxygen/proxygen/lib/http/test/RFC2616Test.cpp
124 ./proxygen/proxygen/lib/http/test/WindowTest.cpp
83 ./proxygen/proxygen/lib/services/test/AcceptorTest.cpp
278 ./proxygen/proxygen/lib/ssl/test/SSLCacheTest.cpp
88 ./proxygen/proxygen/lib/ssl/test/SSLContextManagerTest.cpp
635 ./proxygen/proxygen/lib/test/TestAsyncTransport.cpp
158 ./proxygen/proxygen/lib/test/TestAsyncTransport.h
23 ./proxygen/proxygen/lib/test/TestMain.cpp
49 ./proxygen/proxygen/lib/utils/test/CryptUtilTest.cpp
538 ./proxygen/proxygen/lib/utils/test/GenericFilterTest.cpp
54 ./proxygen/proxygen/lib/utils/test/HTTPTimeTest.cpp
42 ./proxygen/proxygen/lib/utils/test/MockTime.h
137 ./proxygen/proxygen/lib/utils/test/ParseURLTest.cpp
73 ./proxygen/proxygen/lib/utils/test/ResultBenchmark.cpp
112 ./proxygen/proxygen/lib/utils/test/ResultTest.cpp
22 ./proxygen/proxygen/lib/utils/test/UtilTest.cpp

HTTP/2 all the things! | Ilya Grigorik (Google)

Ilya Grigorik (Google); HTTP/2 all the things!; At VENUE; WHEN? (2014-10?); 47 slides <-
Teaser: challenges, opportunities, and the exciting world ahead of us…


Via: backfill

Protecting Users by Confining JavaScript with COWL | Stefan, Yang, Marchenko, Russo, Herman, Karp, Mazières

Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, David Mazières; Protecting Users by Confining JavaScript with COWL; In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI); 2014-10; 14 pages; landing.


Modern web applications are conglomerations of JavaScript written by multiple authors: application developers routinely incorporate code from third-party libraries, and mashup applications synthesize data and code hosted at different sites. In current browsers, a web application’s developer and user must trust third-party code in libraries not to leak the user’s sensitive information from within applications. Even worse, in the status quo, the only way to implement some mashups is for the user to give her login credentials for one site to the operator of another site. Fundamentally, today’s browser security model trades pri- vacy for flexibility because it lacks a sufficient mechanism for confining untrusted code. We present COWL, a robust JavaScript confinement system for modern web browsers. COWL introduces label-based mandatory access control to browsing contexts in a way that is fully backward-compatible with legacy web content. We use a series of case-study applications to motivate COWL’s design and demonstrate how COWL allows both the inclusion of untrusted scripts in applications and the building of mashups that combine sensitive information from multiple mutually distrusting origins, all while protecting users’ privacy. Measurements of two COWL implementations, one in Firefox and one in Chromium, demonstrate a virtually imperceptible increase in page-load latency.


  • New web privacy system could revolutionize the safety of Internet surfing; University College London (UCL); press release; 2014-10-06.
    Teaser: Researchers have built a new system that protects Internet users’ privacy whilst increasing the flexibility for web developers to build web applications that combine data from different web sites, dramatically improving the safety of surfing the web.

Via: backfill


  • <quote>In practice, web developers turn their backs on privacy
    in favor of flexibility because the browser doesn’t offer primitives that let them opt for both. For example, a developer may want to include untrusted JavaScript from another origin in his application. All-or-nothing DAC leads the developer to include the untrusted library with a script tag, which effectively bypasses the SOP, interpolating untrusted code into the enclosing page and granting it unfettered access to the enclosing page’s origin’s content. And when a developer of a mashup that integrates content from other origins finds that the SOP forbids his application from retrieving data from them, he designs his mashup to require that the user provide the mashup her login credentials for the sites at the two other origins [2]—the epitome of “functionality over privacy.”</quote>


  • Confinement with Origin Web Labels (COWL)
  • Content Security Policy (CSP)
  • Cross Origin Resource Sharing (CORS)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Same Origin Policy (SOP)
  • Document Object Model (DOM)
  • postMessage
  • XMLHttpRequest (XHR)
  • Chromium
    • Blnk
  • Firefox
    • Gecko
  • Web Worker
    • LWorker
  • XHR
  • JSON


  • symmetric confinement
  • hierarchical confinement
  • delegation
  • mutually-distrusting parties
  • Decentralized Label Model (DLM) of Myers & Liskov
  • Nexus
  • First-order logics
  • Circular flow of information (fixed points?)
  • membrane pattern


  • coarse-grained
  • fine-grained
  • protection zones
  • iframe containment (IFC)
  • symmetric confinement
  • tainting
    • over-tainting


  • BFlow
  • Data-Confined Sandbox (DCS)
    • data:URI iframes
  • JSFlow
  • Secure-Multi Execution (SME)
  • Caja
  • BrowserShield
  • WebJail
  • TreeHouse
  • JSand
  • SafeScript
  • Defensive JavaScript
  • Embassies


  1. Google Caja. A source-to-source translator for securing JavaScript-based web content. 2013.
  2. Mint. 2013.
  3. jQuery Usage Statistics: Websites using jQuery. 2014.
  4. P. Agten, S. Van Acker, Y. Brondsema, P. H. Phung, L. Desmet, and F. Piessens. JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2012.
  5. D. Akhawe, F. Li, W. He, P. Saxena, and D. Song. Data-confined HTML5 applications. In ESORICS, (CSP). 2013.
  6. L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, and S. A. Haghighat. Practical domain and type enforcement for UNIX. In Proceedings of the IEEE Symposium on Security and Privacy. 1995.
  7. A. Barth. The web origin concept. Technical report RFC 6454, IETF, 2011.
  8. A. Barth, C. Jackson, and J. Mitchell. Securing frame communication in browsers. In Communications of the ACM (CACM). Volume 52, Number 6. pages 83–91, 2009.
  9. K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. In USENIX Security, 2013. Language-based defenses against untrusted browser origins. In Proceedings of USENIX Security. 2013.
  10. N. Carlini, A. P. Felt, and D. Wagner. An evaluation of the Google Chrome extension security architecture. In Proceedings of USENIX Security, 2012.
  11. E. Y. Chen, S. Gorbaty, A. Singhal, and C. Jackson. Self-exfiltration: The dangers of browser-enforced information flow control. In Proceedings of Web 2.0 Security and Privacy. 2012.
  12. W. De Groef, D. Devriese, N. Nikiforakis, and F. Piessens. FlowFox: a web browser with flexi- ble and precise information flow control. In Proceedings of the ACM Conference on Computer & Communications Security (CCS). 2012.
  13. D. Devriese and F. Piessens. Noninterference through Secure Multi-Execution. In Proceedings of the IEEE Symposium on Security and Privacy. 2010.
  14. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Manzières, F. Kaashoek, and R. Morris. Labels and event pro- cesses in the Asbestos operating system. In Proceedings of the USENIX Conference on Operating Systems Design & Implementation (OSDI). 2005.
  15. D. Hedin, A. Birgisson, L. Bello, and A. Sabelfeld. JSFlow: tracking information flow in JavaScript and its APIs. In SAC, 2014.
  16. J. Howell, B. Parno, and J. R. Douceur. Embassies: Radically refactoring the Web. In Proceedings of the USENIX Conference on Networked Systems Design & Implementation (NSDI). 2013.
  17. C. Hriţcu, M. Greenberg, B. Karel, B. C. Pierce, and G. Morrisett. All your ifcexception are belong to us. In Proceedings of the IEEE Symposium on Security and Privacy. 2013.
  18. L. Ingram and M. Walfish. Treehouse: JavaScript side sandboxes to help web developers help themselves. . In Proceedings of the USENIX Annual Technical Conference (ATC). 2012.
  19. C. Kerschbaumer (Mozilla). Faster Content Security Policy; In Their Blog. 2014.
  20. R. Kotcher, Y. Pei, P. Jumde, and C. Jackson. Cross-origin pixel stealing: timing attacks using CSS filters. In Proceedings of the ACM Conference on Computer & Communications Security (CCS). 2013.
  21. M. S. Miller. Robust composition: towards a unified approach to access control and concurrency control. PhD thesis, Johns Hopkins University, 2006.
  22. M. S. Miller and J. S. Shapiro. Paradigm regained: Abstraction mechanisms for access control. In Proceedings of the Asian Computing Science Conference (ASIAN). 2003-12. 20 pages; landing, presentation; also SRL Technical Report SRL2003-03, Department of Computer Science, Johns Hopkins University; also Hewlett-Packard Technical Report HPL-2003-222 (unabridged). (the E Language)
  23. M. S. Miller, K.-P. Yee, and J. Shapiro. Capability myths demolished. Technical Report SRL2003-02, Johns Hopkins University Systems Research Laboratory, 2003.
  24. S. Moitozo. Password Meter, JavaScript. 2006.
  25. B. Montagu, B. C. Pierce, and R. Pollack. A theory of information-flow labels. In Proceedings of the IEEE Conference on Security Foundations (CSF); 2013-06.
  26. Mozilla. Add-on builder and SDK. 2013.
  27. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. In ACM Transactions on Software Engineering and Methodology (TOSEM). Volume 9, Number 4. 2000.
  28. C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. Browsershield: Vulnerability-driven filtering of dynamic HTML. In ACM Transactions on the Web (TWEB). Volume 1, Number 3. 2007-09.
  29. J. Reisg. Dromaeo: JavaScript performance testing. 2014.
  30. E. G. Sirer, W. de Bruijn, P. Reynolds, A. Shieh, K. Walsh, D. Williams, and F. B. Schneider. Logical attestation: an authorization architecture for trustworthy computing. In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP). 2011.
  31. S. Son and V. Shmatikov. The postman always rings twice: Attacking and defending postMessage in HTML5 websites. In Proceedings of the Network and Distributed System Security Symposium (NDSS). 2013.
  32. E. Stark, M. Hamburg, and D. Boneh. Symmetric cryptography in JavaScript. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2009.
  33. D. Stefan, A. Russo, D. Manzières, and J. C. Mitchell. Disjunction category labels. In Proceedings of the Nordic Security Conference (NordSec). 2011.
  34. D. Stefan, A. Russo, J. C. Mitchell, and D. Mazières. Flexible dynamic information flow control in Haskell. In Proceedings of the Haskell Symposium. 2011.
  35. D. Stefan, A. Russo, P. Buiras, A. Levy, J. C. Mitchell, and D. Manzières. Addressing covert termi nation and timing channels in concurrent information flow systems. In Proceedings of the International Conference on Functional Programming ICFP. 2012.
  36. M. Ter Louw, P. H. Phung, R. Krishnamurti, and V. N. Venkatakrishnan. SafeScript: JavaScript transformation for policy enforcement. In Proceedings of Secure IT Systems. 2013.
  37. S. Van Acker, P. De Ryck, L. Desmet, F. Piessens, and W. Joosen. WebJail: least-privilege integration of third-party components in web mashups. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2011.
  38. A. Van Kesteren. Cross-Origin Resource Sharing (CORS), 2012.
  39. B. Vibber. CSRF token-stealing attack (user.tokens). Mozilla, a ticket. 2014.
  40. G. Wagner, A. Gal, C. Wimmer, B. Eich, and M. Franz. Compartmental memory management in a modern web browser. In SIGPLAN Notices. Volume 11, Number 46 part 2. 2011.
  41. H. J. Wang, X. Fan, J. Howell, and C. Jackson. Protection and communication abstractions for web browsers in MashupOS. In ACM SIGOPS Operating Systems Review. Volume 41, Number 6. 2007.
  42. WC3. Content Security Policy (CSP) v1.0. 2012.
  43. WC3. HTML5 web messaging. 2012.
  44. WC3. Web Workers. 2012.
  45. WC3. Cross-Origin Resource Sharing (CORS). 2013.
  46. WC3. Content Security Policy (CSP) v1.1. 2013.
  47. WC3. HTML5. 2013.
  48. WHATWG. HTML living standard. 2013.
  49. E. Yang, D. Stefan, J. Mitchell, D. Mazières, P. Marchenko, and B. Karp. Toward principled browser security. In Proceedings of HotOS. 2013.
  50. A. Yip, N. Narula, M. Krohn, and R. Morris. Privacy-preserving browser-side scripting with BFlow. In Proceedings of EuroSys. 2009.
  51. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proceedings of the USENIX Conference on Operating Systems Design & Implementation (OSDI). 2006.
  52. M. Zelwski. Browser Security Handbook, Part 2, 2011.


Making the Web Faster with HTTP 2.0 | Ilya Grigorik

Ilya Grigorik; Making the Web Faster with HTTP 2.0; In ACM Queue; 2013-12-03.


Via: backfill

Click-to-Play in Mozilla’s Firefox


Via: backfill, backfill

, Mozilla Wiki

; In Mozilla Support

JavaScript checkers & linters

Dynamic Adaptive Streaming over HTTP (DASH)



  • MPEG-DASH Media Presentation Description (MPD)


  • Adaptive HTTP streaming (AHS) in 3GPP Release 9
  • HTTP Adaptive Streaming (HAS) in Open IPTV Forum Release 2.


  • Adobe Systems, HTTP Dynamic Streaming,
  • Apple, HTTP Live Streaming (HLS)
  • Microsoft Smooth Streaming.



  • Use Cases
    • On-Demand
    • Live
  • Ad insertion. Advertisements can be inserted as a period between periods or segment between segments in both on-demand and live cases.
  • CDN
    • Multiple URL
    • CCN (CCNx)
  • Codec
    • Agnostic
    • Common Encryption
    • Multiple DRM
  • Coding
    • Scalable Video Coding (SVC)
    • Multiview Video Coding (MVC)


Via: backfill

Deep Links



  • URL =>
  • URI => profile://user123.



Organized along the great cultures






Cellogic (

  •, an ad retargeting network
  • Nextap (
  • Concept: “ for deep linking”
  • Specifications
    • 300×50 template
    • app badge icon
    • custom message
    • link
  • Who
    • Itamar Weisbrod, CEO
    • Noah Klausman, VP of Business Development
  • Previously



  • By Zwapp
  • open source
  • a database (unpublished) custom URL schemes for iOS applications
  • a downloadable tool
  • scans your iOS device looking for URLs


  • By Pocket Pixels, a photo app, iOS only
  • Older
  • Something about integrating photo sharing & editing web apps
  • iOS (iPhone) only
  • Source Code
  • Supported Apps
    • Original
    • Follow on
      • AutoStitch,
      • Click!,
      • Color Splash,
      • Juxtaposer,
      • PicTools,
      • Photogene,
      • Simply B&W,
      • Snap!,
      • TrueHDR.
  • Promotions



  • Mobile ad retargeting
  • Outreach
  • Promotion
    • Surely …



  • Mobile App Deeplink Retargeting
  • URX Mobile App Retargeting
  • Outreach
  • Founding
  • Funding
    • Y Combinator Summer 2012
    • $3.1 million seed round
    • Include First Round Capital, Maverick Capital, Google Ventures, SV Angel, Betaworks, Crunchfund (Michael Arrington), Greylock, CyberAgent, Fuel Capital, Garry Tan, Alexis Ohanian, Charlie Cheever, Sam Altman, Paul Bucheit, Geoff Ralston, Gus Fuldner, Plug & Play Ventures, Paul Sethi, Bill Peckovich, Joe Montana, Mehul Nariyawal, Dalton Caldwell, Virginia Turner, Andre Ranadive, Linda MacKenzie, Jamie Lee Curtis, Christopher Guest, Sumon Sadhu, Bruno Bowden, Chris Look, Nicholas Smith, and the Erickson Family.
  • Reference Customer
    • LivingSocial
  • Promotions


of the genre

Via: backfill, backfill, backfill

App Installs and Deep-Linking in Twitter Cards | Twitter


  • Twitter Cards are based on Open Graph.
  • The value is specified in the “twitter:app:name:(iphone|ipad|googleplay)” tags.


<meta name="twitter:app:name:iphone" content="Example App"/>
<meta name="twitter:app:id:iphone" content="306934135"/>
<meta name="twitter:app:url:iphone" content="example://action/5149e249222f9e600a7540ef"/>
<meta name="twitter:app:name:ipad" content="Example App"/>
<meta name="twitter:app:id:ipad" content="306934135"/>
<meta name="twitter:app:url:ipad" content="example://action/5149e249222f9e600a7540ef"/>
<meta name="twitter:app:name:googleplay" content="Example App"/>
<meta name="twitter:app:id:googleplay" content=""/>
<meta name="twitter:app:url:googleplay" content=""/>
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@nytimesbits">
<meta name="twitter:creator" content="@nickbilton">
<meta property="og:url" content="">
<meta property="og:title" content="A Twitter for My Sister">
<meta property="og:description" content="In the early days, Twitter grew so quickly that it was almost impossible to add new features because engineers spent their time trying to keep the rocket ship from stalling.">
<meta property="og:image" content="">

Via: backfill.