by Talinx 1585 days ago
What about an HTML tag that includes a hash sum? Only request the resource if not already present. That could enable cross-website resource caching without leaking information. (IF the resource the site sends if necessary matches the resource of the tag, otherwise the hash sum would tell the server whether the user visited some other site.) Hashing content makes more sense than relying on the URL staying the same IMHO.
3 comments

Including the hash is exactly what subresource integrity[1] does (it was even designed for a CDN context originally), but so far people haven’t figured out a sufficiently non-leaky design to use it for caching[2,3].

[1] https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

[2] https://github.com/w3c/webappsec-subresource-integrity/issue...

[3] https://hillbrad.github.io/sri-addressable-caching/sri-addre...

I think the reason this is not done is it would leak to the website if the user had previously downloaded the same file from a different website.
Sure. And you can do the same thing with a CDN file by timing how long it takes to load. Sub-millisecond means cache.
It's why newer versions of Firefox and Safari use segmented caches. Which, of course, means that loading fonts from a CDN no longer buys you anything at all.
Chrome as well. (The zdnet article above is about Chrome, which shipped this last year.)
The Decentraleyes extension does this.
Unless the situation has changed the LocalCDN extension is a bit more active and contains more (recent) resources.
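
An added example, not part of any comment in this thread: a toy JavaScript model of the cache-keying choices discussed above. It shows what a second site can observe under a hash-keyed cache, a URL-keyed shared cache, and a cache partitioned by top-level site. The class, site names, URLs and integrity value are constructed for illustration and do not reflect any browser's actual implementation.

```javascript
// Toy model of a browser HTTP cache. keyFn decides what an entry is keyed on.
class ModelCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.entries = new Set();
    this.networkLog = []; // requests that actually left the browser
  }
  // A page on `topSite` includes <script src=url integrity=integrity>.
  load(topSite, url, integrity) {
    const key = this.keyFn({ topSite, url, integrity });
    if (this.entries.has(key)) return { fromCache: true };
    this.networkLog.push({ topSite, url });
    this.entries.add(key);
    return { fromCache: false };
  }
}

// Three keying policies from the thread.
const byHash = ({ integrity }) => integrity;                    // content-addressed, shared
const byUrl = ({ url }) => url;                                 // classic shared cache
const partitioned = ({ topSite, url }) => `${topSite} ${url}`;  // segmented cache

// Constructed sample values.
const CDN_URL = "https://cdn.example/lib.js";
const SITE_A = "https://site-a.example";
const SITE_B = "https://site-b.example";
const LIB_HASH = "sha384-CONSTRUCTED-PLACEHOLDER";

// The user visits site A, which loads the library from the CDN.
// Then site B references the same bytes (same hash) at `urlUsedByB`.
// Returns what site B can observe about that earlier visit.
function secondSiteObservation(keyFn, urlUsedByB) {
  const cache = new ModelCache(keyFn);
  cache.load(SITE_A, CDN_URL, LIB_HASH);
  const result = cache.load(SITE_B, urlUsedByB, LIB_HASH);
  return {
    fromCache: result.fromCache, // visible to B through load timing
    requestsFromB: cache.networkLog.filter(e => e.topSite === SITE_B).length,
    totalFetches: cache.networkLog.length, // bandwidth actually spent
  };
}

for (const [name, fn] of [["hash", byHash], ["url", byUrl], ["partitioned", partitioned]]) {
  console.log(name, secondSiteObservation(fn, CDN_URL));
}
```

Under the hash-keyed policy site B gets a hit even when it serves the file from its own URL, so the missing request itself reveals the earlier download; under the partitioned policy the signal disappears and so does the saved fetch.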