chromium/third_party/blink/web_tests/external/wpt/client-hints/accept-ch/non-secure.http.html

<html>
<body>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>

<script>

// When the response for the HTML file contains "Accept-CH" in the response
// headers, then the browser should not attach the specified client hints in
// the HTTP request headers if the response was delivered by an insecure HTTP
// server. Test this functionality by fetching an XHR from this page hosted on
// an insecure HTTP server. The response headers for this page include
// "Accept-CH: device-memory, dpr, viewport-width, rtt, downlink, ect".
//
// resources/echo-client-hints-received.py sets the response headers depending on the set
// of client hints it receives in the request headers.

  promise_test(t => {
  return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => {
    assert_equals(r.status, 200)
    // Verify that the browser does not include client hints in the headers
    // when fetching the XHR from an insecure HTTP server.
    assert_false(r.headers.has("device-memory-received"), "device-memory-received");
    assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
    assert_false(r.headers.has("dpr-received"), "dpr-received");
    assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
    assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
    assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
    assert_false(r.headers.has("rtt-received"), "rtt-received");
    assert_false(r.headers.has("downlink-received"), "downlink-received");
    assert_false(r.headers.has("ect-received"), "ect-received");
  });
}, "Accept-CH header test");

</script>

</body>
</html>