<!--
Copyright 2022 The Chromium Authors
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->
<!--
This file is used to generate a comprehensive list of Privacy histograms
along with a detailed description for each histogram.
For best practices on writing histogram descriptions, see
https://chromium.googlesource.com/chromium/src.git/+/HEAD/tools/metrics/histograms/README.md
Please follow the instructions in the OWNERS file in this directory to find a
reviewer.
-->
<histogram-configuration>
<histograms>
<variants name="ActivityTypeStoragePercentage">
<variant name="AGSACCT"
summary="Percentage of AGSACCT in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="BrApp"
summary="Percentage of BrApp in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="NonAGSACCT"
summary="Percentage of NonAGSACCT in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="Other"
summary="Percentage of Other in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="PreFirstTab"
summary="Percentage of PreFirstTab in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="TWA"
summary="Percentage of TWA in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="WebApk"
summary="Percentage of WebApk in the list stored in the
privacy_sandbox.activity_type.record pref"/>
<variant name="WebApp"
summary="Percentage of WebApp in the list stored in the
privacy_sandbox.activity_type.record pref"/>
</variants>
<variants name="DIPSCookieMode">
<variant name=".Block3PC"
summary="in a NON-off-the-record profile, with third-party cookies
blocked"/>
<variant name=".OffTheRecord_Block3PC"
summary="in an off-the-record profile, with third-party cookies blocked"/>
</variants>
<variants name="DIPSDatabaseOperation">
<variant name="ClearTimestamps" summary="ClearTimestamps"/>
<variant name="FilterSitesWithProtectiveEvent"
summary="FilterSitesWithProtectiveEvent"/>
<variant name="GetSitesThatBounced" summary="GetSitesThatBounced"/>
<variant name="GetSitesThatBouncedWithState"
summary="GetSitesThatBouncedWithState"/>
<variant name="GetSitesThatUsedStorage" summary="GetSitesThatUsedStorage"/>
<variant name="Init" summary="Init"/>
<variant name="Read" summary="Read"/>
<variant name="ReadPopup" summary="ReadPopup"/>
<variant name="ReadRecentPopupsWithInteraction"
summary="ReadRecentPopupsWithInteraction"/>
<variant name="RemoveRows" summary="RemoveRows"/>
<variant name="Write" summary="Write"/>
<variant name="WritePopup" summary="WritePopup"/>
</variants>
<variants name="DIPSRedirectType">
<variant name="Client" summary="client-side"/>
<variant name="Server" summary="server-side"/>
</variants>
<variants name="PSNotice">
<variant name="MeasurementNoticeModal"
summary="Restricted notice on Desktop."/>
<variant name="MeasurementNoticeModalClankBrApp"
summary="Restricted notice on Clank Browser App."/>
<variant name="MeasurementNoticeModalClankCCT"
summary="Restricted notice on Clank CCT."/>
<variant name="ProtectedAudienceMeasurementNoticeModal"
summary="Notice with info about PA and Measurement APIs on Desktop."/>
<variant name="ProtectedAudienceMeasurementNoticeModalClankBrApp"
summary="Notice with info about PA and Measurement APIs on Clank
Browser App."/>
<variant name="ProtectedAudienceMeasurementNoticeModalClankCCT"
summary="Notice with info about PA and Measurement APIs on Clank CCT."/>
<variant name="ThreeAdsAPIsNoticeModal"
summary="Notice with three APIs on Desktop."/>
<variant name="ThreeAdsAPIsNoticeModalClankBrApp"
summary="Notice with three APIs on Clank Browser App."/>
<variant name="ThreeAdsAPIsNoticeModalClankCCT"
summary="Notice with three APIs on Clank CCT."/>
<variant name="TopicsConsentDesktopModal"
summary="Consent notice with Topics API on Desktop."/>
<variant name="TopicsConsentModalClankBrApp"
summary="Consent notice with Topics API on Clank Browser App."/>
<variant name="TopicsConsentModalClankCCT"
summary="Consent notice with Topics API on Clank CCT."/>
</variants>
<!-- TODO(crbug.com/333408794): Add user action metrics for these. -->
<variants name="PSNoticeAction">
<variant name="Ack"
summary="Got it or any other ack action on a privacy sandbox notice."/>
<variant name="Closed"
summary="Closed (x) action on a privacy sandbox notice"/>
<variant name="LearnMore"
summary="Learn more action on a privacy sandbox notice."/>
<variant name="OptIn"
summary="Turn it on or any other opt in action on a privacy sandbox
notice."/>
<variant name="OptOut"
summary="No Thanks action or any other opt out action on a privacy
sandbox notice."/>
<variant name="Other"
summary="Any other action on a privacy sandbox notice."/>
<variant name="Settings"
summary="Settings action on a privacy sandbox notice."/>
<variant name="TimedOut"
summary="No action taken instead a privacy sandbox notice timed out."/>
</variants>
<histogram name="Privacy.3PCD.AdsHeuristicAddedToOverrides"
enum="AdsHeuristicCookieOverride" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/tpcd/OWNERS</owner>
<summary>
Records what overrides were added to cookie setting overrides by the ads
heuristic. For non-ad cookie accesses, this records none. Only recorded
while the SkipTPCDMitigationsWithAdsHeuristic feature is on. Recorded once
on request start, or document.cookie access. Note that a single request may
emit multiple entries to this histogram, and the overall bucket proportions
will not be accurate.
</summary>
</histogram>
<histogram name="Privacy.3pcd.Experiment3pcBlockStatusHistogram"
enum="Experiment3pcBlockStatus" expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>src/chrome/browser/tpcd/OWNERS</owner>
<summary>
Records the state of 3P cookie enablement in relation to the requested 3P
cookie usage for the 3P cookie deprecation experiment when the 3P cookie
deprecation experiment is enabled.
Recorded for each main-frame navigation when that navigation commits. Only
counts HTTP or HTTPS URLs and ignores downloads.
</summary>
</histogram>
<histogram name="Privacy.3pcd.ProfileEligibilityMismatch"
enum="ProfileEligibilityMismatch" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/tpcd/OWNERS</owner>
<summary>
Records the relationship between profile and client eligibility for 3PCD
Experiments.
All profiles on the same client share a single eligibility value for
experiment purposes, but it is possible that an individual profile on the
client has a different eligibility than the client value used. This
histogram records how often a profile's eligibility matches and mismatches
with the client eligibility used for the experiment.
Recorded each time a profile is first loaded in a browser session.
</summary>
</histogram>
<histogram name="Privacy.3PCD.SecCookieDeprecationHeaderStatus"
enum="SecCookieDeprecationHeaderStatus" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/tpcd/OWNERS</owner>
<summary>
Recorded only for requests where a 3pcd facilitated testing is enabled (the
client is part of the experiment and the profile is not guest or incognito).
The metrics records `kSet` if the `Sec-Cookie-Deprecation` header is added
to the request. It records `kNoLabel` if there is no label available. This
happens when the client is ineligible to the experiment or when the label
value configured in the experiment is empty "" It records
`kNoCookie` if there is a label available but the opt-in cookie is not
available.
</summary>
</histogram>
<histogram name="Privacy.AFP.BlockList.CheckResult"
enum="AntiFingerprintingBlockListResult" expires_after="2024-04-01">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The result of checking the anti-fingerprinting blocklist for a URL and
deciding whether to block it. Recorded each time the blocklist is checked.
Only clients that have opted into the blocklist feature will emit this
metric.
</summary>
</histogram>
<histogram name="Privacy.ClearBrowsingData.TabsEnabled" enum="BooleanEnabled"
expires_after="2024-12-31">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks whether the tabs deletion is disabled in Clear Browsing Data due to
the user having multiple windows.
</summary>
</histogram>
<histogram name="Privacy.ClearOnExitSyncEvent" enum="ClearOnExitSyncEvent"
expires_after="M103">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Interactions between sync and the cookies clear on exit setting. Only
recorded when the user has cookies clear on exit enabled.
Recorded on all profiles, including for profiles such as guest profiles that
do not allow modification of this setting. (This value logged on those cases
is the default value for the setting.)
</summary>
</histogram>
<histogram name="Privacy.ConsentAuditor.ConsentGiven.Feature"
enum="ConsentAuditorFeature" expires_after="M85">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged each time the user grants a consent for a feature integrated with the
consent auditor. The value indicates which feature.
</summary>
</histogram>
<histogram name="Privacy.ConsentAuditor.ConsentNotGiven.Feature"
enum="ConsentAuditorFeature" expires_after="M85">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Logged each time the user denies or revokes a consent for a feature
integrated with the consent auditor. The value indicates which feature.
</summary>
</histogram>
<histogram name="Privacy.CookieControlsActivated.PageRefreshCount"
units="count" expires_after="2025-02-02">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
How many times the page was refreshed in the last 30 seconds, recorded when
third-party party cookies are allowed using cookie controls UI.
</summary>
</histogram>
<histogram name="Privacy.CookieControlsActivated.SaaRequested"
enum="BooleanEnabled" expires_after="2025-02-02">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Whether storage access API was granted or blocked for the site, recorded
when third-party party cookies are allowed using cookie controls UI.
</summary>
</histogram>
<histogram name="Privacy.CookieControlsActivated.SiteDataAccessType"
enum="ThirdPartySiteDataAccessType" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Represents if site data was accessed by any third-party sites and if any of
those accesses were blocked, recorded when third-party party cookies are
allowed using cookie controls UI.
</summary>
</histogram>
<histogram name="Privacy.CookieControlsActivated.SiteEngagementScore"
units="units" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
The site engagement score, recorded when third-party party cookies are
allowed using cookie controls UI.
</summary>
</histogram>
<histogram name="Privacy.CookieControlsSetting{RegularProfileFiltered}"
enum="CookieControlsMode" expires_after="never">
<!-- expires-never: tracked as an important privacy metric. -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Whether third-party cookies are blocked in incognito mode or completely.
Recorded at the Profile startup. In case that "Block all cookies"
is selected in settings, this metric records BlockThirdParty.
This histogram is only recorded {RegularProfileFiltered}.
</summary>
<token key="RegularProfileFiltered">
<variant name=".RegularProfile"
summary="from version M-109. It is recorded only for regular profiles"/>
</token>
</histogram>
<histogram name="Privacy.DeleteBrowsingData.Action"
enum="DeleteBrowsingDataAction" expires_after="never">
<!-- expires-never: tracked as an important privacy metric. -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Horizontal metric to show CBD usage across various surfaces. Recorded when
the user deletes browsing data from one of these surfaces or when the
browser automatically deletes cookies because the user enabled
"ClearOnExit".
</summary>
</histogram>
<histogram name="Privacy.DIPS.BounceCategory{DIPSRedirectType}{DIPSCookieMode}"
enum="DIPSRedirectCategory" expires_after="2025-01-12">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
Whether a {DIPSRedirectType} redirect accessed cookies and whether its
origin previously had user engagement. Recorded when redirecting between
different sites, {DIPSCookieMode}.
In M-109, the DIPS Service was updated to explicitly not collect metrics for
non-user profiles, such as system profiles and ChromeOS Signin, LockScreen,
and LockScreenApp profiles.
</summary>
<token key="DIPSCookieMode" variants="DIPSCookieMode"/>
<token key="DIPSRedirectType" variants="DIPSRedirectType"/>
</histogram>
<histogram name="Privacy.DIPS.ClearedSitesCount{DIPSCookieMode}" units="sites"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
The number of sites that may have had their storage cleared by DIPS.
If DIPS deletion is on, third-party cookies are blocked, and there are no
url-specific exemptions by the user for the latter, then, this is the number
of sites that have had storage cleared by DIPS. Otherwise, this number is
the sites that would've had their storage cleared if the above conditions
were met for all the sites.
This is recorded every time the DIPS timer is fired, which is determined by
the `timer_delay` parameter of the DIPS feature.
This is only logged for site-data clearing that occurs as a result of DIPS.
If a site contributes to this count then it has performed a potential
tracking action (e.g. writing to storage, bouncing the user, or both)
without the user interacting with that site before, or soon after, the
action.
</summary>
<token key="DIPSCookieMode" variants="DIPSCookieMode"/>
</histogram>
<histogram name="Privacy.DIPS.Database.Operation.{DIPSDatabaseOperation}Time"
units="ms" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
The time taken to execute the {DIPSDatabaseOperation} DIPS database
operation.
Recorded for each call to the operation.
</summary>
<token key="DIPSDatabaseOperation" variants="DIPSDatabaseOperation"/>
</histogram>
<histogram name="Privacy.DIPS.DatabaseEntryCount" units="entries"
expires_after="2025-03-01">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
Number of entries present in the `bounces` table of the user's DIPS database
(where there is 1 entry per eTLD+1). For each user profile, reported at
profile open (which usually happens at startup). Also reported approximately
once every 24 hours thereafter, while the profile remains open and active.
If the database is new and therefore empty at startup, such as when a Guest
or other OTR profile is opened, a count of 0 will be reported.
</summary>
</histogram>
<histogram name="Privacy.DIPS.DatabaseErrors" enum="SqliteLoggedResultCode"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
Errors reported by SQLite while initializing or using the DIPS database.
</summary>
</histogram>
<histogram name="Privacy.DIPS.DatabaseHealthMetricsTime" units="ms"
expires_after="2025-03-01">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
The time taken to gather DIPS database health metrics. For each user
profile, these metrics are reported at profile open (which usually happens
at startup). They are also reported approximately once every 24 hours
thereafter, while the profile remains open and active. Note that Guest and
other OTR profiles (e.g. Incognito) will always startup with empty
databases, so that may explain why some databases collect health metrics so
quickly.
</summary>
</histogram>
<histogram name="Privacy.DIPS.DatabaseInit" units="attempts"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
Logs how many attempts it took to initialize the DIPS database. Logs a value
of 0 if all attempts failed.
</summary>
</histogram>
<histogram name="Privacy.DIPS.DatabaseSize" units="KB"
expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
The size of the DIPS database file. For each user profile, reported at
profile open (which usually happens at startup). Also reported approximately
once every 24 hours thereafter, while the profile remains open and active.
Note that Guest and other OTR profiles (e.g. Incognito) will always startup
with empty databases, so that may explain why some database files are very
small.
</summary>
</histogram>
<histogram name="Privacy.DIPS.DeletionLatency2" units="ms"
expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
The amount of time it takes to complete the DIPS deletion process.
This is recorded each time the deletion of DIPS-eligible sites begins. For
the case where the deletion is posted to the UI thread, this is the creation
time of the StateClearer; otherwise, it is before the call to
DIPSStorage::RemoveRows. This metric will be the result of |time when DIPS
deletion completed - time when DIPS deletion begins|.
</summary>
</histogram>
<histogram name="Privacy.DIPS.Deletion{DIPSCookieMode}"
enum="DIPSDeletionAction" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
This is recorded each time we initiate a possible deletion of state on
DIPS-eligible (incidental) sites. This metric will represents the action
taken based on multiple conditions gating the actual deletion.
This is recorded with {DIPSCookieMode} profiles.
</summary>
<token key="DIPSCookieMode" variants="DIPSCookieMode"/>
</histogram>
<histogram name="Privacy.DIPS.DIPSErrorCodes" enum="DIPSErrorCode"
expires_after="2024-12-30">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
Tracks certain errors that DIPS may encounter when running on a client.
This is currently recorded when expected invariants are violated, such as
there being an open-ended time range in the database. See `DIPSErrorCode`
for all possible codes this histogram can output.
Since these error codes can be recorded several times by a client, using
per-client aggregation when analyzing this metric is recommended.
</summary>
</histogram>
<histogram name="Privacy.DIPS.TimeFromNavigationCommitToClientBounce"
units="ms" expires_after="2025-02-22">
<owner>[email protected]</owner>
<owner>src/chrome/browser/dips/OWNERS</owner>
<summary>
The amount of time after a navigation to a site commits until a renderer
initiated navigation (without user activation) is started to a different
site. Not recorded if the redirecting site does not access state (e.g.
cookies) or takes longer than 10 seconds to initiate the redirect (bounce).
In M-109, the DIPS Service was updated to explicitly not collect metrics for
non-user profiles, such as system profiles and ChromeOS Signin, LockScreen,
and LockScreenApp profiles.
</summary>
</histogram>
<histogram name="Privacy.DoNotTrackSetting2" enum="BooleanEnabled"
expires_after="never">
<!-- expires-never: tracked as an important privacy metric. -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Whether the Do Not Track setting is enabled. Recorded at the profile open,
only for regular profiles (not Incognito, Guest, etc.).
</summary>
</histogram>
<histogram name="Privacy.QuickDelete" enum="QuickDeleteAction"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks interactions with the Quick Delete feature, including the entry
points and the dialog.
</summary>
</histogram>
<histogram name="Privacy.QuickDelete.TabsEnabled" enum="BooleanEnabled"
expires_after="2024-12-31">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Tracks whether the tabs deletion is disabled in the Quick delete dialog due
to the user having multiple windows.
</summary>
</histogram>
<histogram
name="Privacy.ThirdPartyCookieBlockingSetting{RegularProfileFiltered}"
enum="BooleanEnabled" expires_after="never">
<!-- expires-never: tracked as an important privacy metric. -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Whether the third party cookie blocking setting is enabled. Recorded at the
Profile startup.
Previously recorded as the "ThirdPartyCookieBlockingEnabled" and
"ThirdPartyCookieBlockingDisabled" actions.
This histogram is only recorded {RegularProfileFiltered}.
</summary>
<token key="RegularProfileFiltered">
<variant name=".RegularProfile"
summary="from version M-109. It is recorded only for regular profiles"/>
</token>
</histogram>
<histogram name="PrivacyGuide.CanShowNTPPromo" enum="Boolean"
expires_after="2025-04-01">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Recorded when we attempt to show a Privacy Guide NTP promotion as instructed
by the server. True if the conditions to do so are met.
</summary>
</histogram>
<!--TODO(crbug.com/348369971): Clean up old ActivityTypeStorage histograms.-->
<histogram
name="PrivacySandbox.ActivityTypeStorage.10MostRecentRecordsUserSegment"
enum="PrivacySandboxStorageUserSegmentByRecentActivity"
expires_after="2024-12-24">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the user segment based on the 10 most recent records. Recorded at
most once on Clank startup.
</summary>
</histogram>
<histogram
name="PrivacySandbox.ActivityTypeStorage.10MostRecentRecordsUserSegment2"
enum="PrivacySandboxStorageUserSegmentByRecentActivity"
expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the user segment based on the 10 most recent records. Recorded at
most once on Clank startup.
</summary>
</histogram>
<histogram
name="PrivacySandbox.ActivityTypeStorage.20MostRecentRecordsUserSegment"
enum="PrivacySandboxStorageUserSegmentByRecentActivity"
expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the user segment based on the 20 most recent records. Recorded at
most once on Clank startup.
</summary>
</histogram>
<histogram
name="PrivacySandbox.ActivityTypeStorage.20MostRecentRecordsUserSegment2"
enum="PrivacySandboxStorageUserSegmentByRecentActivity"
expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the user segment based on the 20 most recent records. Recorded at
most once on Clank startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.DaysSinceOldestRecord"
units="days" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the days since the oldest record in the Activity Type Storage list.
Recorded once on Clank startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.Percentage.AGSACCT"
units="%" expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of AGSACCT activity type launches. Recorded once on
Clank startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.Percentage.BrApp" units="%"
expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of BrApp activity type launches. Recorded once on
Clank startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.Percentage.NonAGSACCT"
units="%" expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of NonAGSACCT activity type launches. Recorded once
on Clank startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.Percentage.TWA" units="%"
expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of TWA activity type launches. Recorded once on Clank
startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.Percentage.WebApk"
units="%" expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of WebApk activity type launches. Recorded once on
Clank startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.Percentage.WebApp"
units="%" expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of WebApp activity type launches. Recorded once on
Clank startup.
</summary>
</histogram>
<histogram
name="PrivacySandbox.ActivityTypeStorage.Percentage.{ActivityTypeStoragePercentage}2"
units="%" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the percentage of each PrivacySandboxStorageActivityType launch from
the list stored in the privacy_sandbox.activity_type.record pref
</summary>
<token key="ActivityTypeStoragePercentage"
variants="ActivityTypeStoragePercentage"/>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.RecordsLength"
units="count" expires_after="2025-02-23">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the size of the activity type record log. Recorded once on Clank
startup.
</summary>
</histogram>
<histogram name="PrivacySandbox.ActivityTypeStorage.TypeReceived"
enum="PrivacySandboxStorageActivityType" expires_after="2025-06-01">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the PrivacySandboxStorageActivityType that privacy sandbox service
receives from the Clank side.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.KeyFetcher.HttpResponseOrNetErrorCode"
enum="CombinedHttpResponseAndNetErrorCode" expires_after="2025-07-13">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Error info for fetching public keys from the processing server. Recorded for
each fetch request. The HTTP response code is recorded if there is no net
error code for the request.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.KeyFetcher.Status2"
enum="PrivacySandboxAggregationServiceKeyFetcherStatus"
expires_after="2024-11-03">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the high level status of each key network fetch request.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.ReportAssembler.Status"
enum="PrivacySandboxAggregationServiceReportAssemblerStatus"
expires_after="never">
<!-- expires-never: critical system health metric for monitoring -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the high level status of each aggregatable report assembly request.
Recorded for reports requested from any API (e.g. Attribution Reporting
API).
This is a critical histogram monitored by alerts to
[email protected]. Please make sure future versions of
this histogram are properly set up for alerting, but prefer not to version
the histogram if possible.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.ReportSender{DelayType}.HttpResponseOrNetErrorCode"
enum="CombinedHttpResponseAndNetErrorCode" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Error info for sending an aggregatable report to a reporting endpoint,
recorded after attempting to send {DelayType}. The HTTP response code is
recorded if there is no net error code for the request. (See
content/browser/aggregation_service/README.md for more info on scheduled vs
unscheduled requests.)
</summary>
<token key="DelayType">
<variant name="" summary="every aggregatable report"/>
<variant name=".ScheduledWithFullDelay"
summary="reports that were scheduled with a full delay"/>
<variant name=".ScheduledWithReducedDelay"
summary="reports that were scheduled with a reduced delay"/>
<variant name=".Unscheduled" summary="unscheduled reports"/>
</token>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.ReportSender{DelayType}.Status"
enum="PrivacySandboxAggregationServiceReportSenderStatus"
expires_after="never">
<!-- expires-never: critical system health metric for monitoring -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the high level request status for {DelayType} sent sent to a
reporting endpoint. Recorded for reports requested from any API (e.g.
Attribution Reporting API).
Recorded for {DelayType}. It might retry in case of failure but only the
final status will be counted for each report. (See
content/browser/aggregation_service/README.md for more info on scheduled vs
unscheduled requests.)
This is a critical histogram monitored by alerts to
[email protected]. Please make sure future versions of
this histogram are properly set up for alerting, but prefer not to version
the histogram if possible.
</summary>
<token key="DelayType">
<variant name="" summary="every aggregatable report"/>
<variant name=".ScheduledWithFullDelay"
summary="reports that were scheduled with a full delay"/>
<variant name=".ScheduledWithReducedDelay"
summary="reports that were scheduled with a reduced delay"/>
<variant name=".Unscheduled" summary="unscheduled reports"/>
</token>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.ScheduledRequests.AssemblyTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration of time spent assembling a report. Recorded for each
assembly attempt for each scheduled report request. (See
content/browser/aggregation_service/README.md for more info on scheduled vs
unscheduled requests.)
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.ScheduledRequests.DelayFromOriginalReportTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration of time between a request's original scheduled report
time and the actual send completion time. This delay may be expected, e.g.
due to the browser being offline. System clock corrections and inaccuracies
may contribute noise to this metric. Recorded for each scheduled report
request, and repeated for each attempt to send it, whether successful or
not. Not recorded if no attempt is made due to the request already being
marked as in-progress.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.ScheduledRequests.NumRetriesBeforeSuccess"
units="retries" expires_after="2025-03-22">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Among scheduled report requests that succeeded (eventually), records the
number of retries needed, i.e. how many send attempts failed. For example, 2
if the attempts were: fail, fail, success.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.ScheduledRequests.SendAttemptTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records duration of time spent sending scheduled reports. The duration
starts before the call to AggregatableReportSender::SendReport() and it ends
when the HTTP request is complete. Recorded for each send attempt for each
scheduled report request.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.ScheduledRequests.Status"
enum="AggregationServiceObserverReportStatus" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the final status of a scheduled report request, i.e. whether it
succeeded eventually, including after retries (if any). In case of failure,
records the type of failure in the final retry attempt.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.Scheduler.TimerFireDelay"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the difference between the time the AggregatableReportScheduler
timer actually fires and when it was supposed to fire. A large positive
delay would be a sign that the timer task is blocked by other tasks on the
queue. Negative delays will be recorded in the zero bucket. System clock
corrections and inaccuracies may contribute noise to this metric. Recorded
for each timer fire.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.Storage.RequestsRetrievalTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration of time that AggregatableReportScheduler spends looking
up requests in the storage layer, including async call overhead. Recorded
for each ReportSchedulerTimer fire.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.Storage.Sql.CreationTime2"
units="ms" expires_after="2025-02-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time it took to initialize a new aggregation service database
from scratch. Recorded when the aggregation service database finishes
initialization. Note that no event is recorded if `ThreadTicks` is not
supported.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.Storage.Sql.Error"
enum="SqliteLoggedResultCode" expires_after="2025-02-16">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records SQLite database errors encountered by the aggregation service's
storage layer. Recorded by AggregationServiceStorageSql's database error
callback, except when errors are fatal. Consequently, we should not expect
to receive any samples from debug builds.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.Storage.Sql.InitStatus"
enum="PrivacySandboxAggregationServiceStorageSqlInitStatus"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records initialization statuses of AggregationServiceStorageSql. Note:
currently AggregationServiceStorageSql is initialized lazily.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.Storage.Sql.RequestDelayFromUpdatedReportTime2"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the difference in time between a request's report time (which may
have been updated, e.g. due to a failed send attempt or the network coming
back online) and when the storage task to retrieve reports was posted.
Whereas we expect a large non-zero component in the
"DelayFromOriginalReportTime" histograms due to browsers closing,
going offline, etc., we expect this histogram to stay near zero. System
clock corrections and inaccuracies may contribute noise to this metric.
Recorded for each report request on each storage retrieval task, even if the
request is marked as in-progress.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.Storage.Sql.StoredRequestsPerReportingOrigin"
units="requests" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records how many requests were already stored for the reporting origin when
the capacity for that origin was checked. Recorded for each StoreRequest
attempt.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.Storage.Sql.StoreRequestHasCapacity"
enum="Boolean" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether there was sufficient capacity to store the request, i.e.
that the per-reporting origin limit had not been reached. Recorded for each
StoreRequest attempt.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.UnscheduledRequests.AssemblyTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration of time spent assembling a report. Recorded for each
assembly attempt for each unscheduled report request. Unlike scheduled
reports, unscheduled reports are sent as soon as they are requested. (See
content/browser/aggregation_service/README.md for more info on scheduled vs
unscheduled requests.) Currently, unscheduled reports are always debug
reports.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.UnscheduledRequests.DelayFromOriginalReportTime"
units="ms" expires_after="2025-05-20">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration of time between a request's original unscheduled report
time and the actual send completion time. Unlike scheduled reports,
unscheduled reports are sent as soon as they are requested. (See
content/browser/aggregation_service/README.md for more info on scheduled vs
unscheduled requests.) System clock corrections and inaccuracies may
contribute noise to this metric. Currently, unscheduled reports are always
debug reports. Recorded for each unscheduled report request.
</summary>
</histogram>
<histogram
name="PrivacySandbox.AggregationService.UnscheduledRequests.SendAttemptTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records duration of time spent sending unscheduled reports. The duration
starts before the call to AggregatableReportSender::SendReport() and it ends
when the HTTP request is complete. Recorded for each send attempt for each
unscheduled report request. Unlike scheduled reports, unscheduled reports
are sent as soon as they are requested. (See
content/browser/aggregation_service/README.md for more info on scheduled vs
unscheduled requests.) Currently, unscheduled reports are always debug
reports.
</summary>
</histogram>
<histogram name="PrivacySandbox.AggregationService.UnscheduledRequests.Status"
enum="AggregationServiceObserverReportStatus" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the final status of an *unscheduled* report request, i.e. whether it
was successfully sent and, if not, the type of failure. These are typically
debug reports.
</summary>
</histogram>
<histogram
name="PrivacySandbox.Attestations.EstimateMemoryUsage.AttestationsMap"
units="KB" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the estimated dynamic memory usage by the parsed attestations map.
</summary>
</histogram>
<histogram
name="PrivacySandbox.Attestations.InitializationDuration.ComponentReadyFromApplicationStart"
units="ms" expires_after="2025-01-19">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time taken for the downloaded attestations file to be
detected from application starts. The measurement ends when `ComponentReady`
is invoked with valid inputs.
On ChromeOS: Before M129, the login screen counted as an interruption, so
most initialization times were being logged under
"ComponentReadyFromApplicationStartWithInterruption". This was
fixed in M129 to count as "ComponentReadyFromApplicationStart".
</summary>
</histogram>
<histogram
name="PrivacySandbox.Attestations.InitializationDuration.ComponentReadyFromApplicationStartWithInterruption"
units="ms" expires_after="2025-01-19">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time taken for the downloaded attestations file to be
detected from application starts with interruption during startup. For
example, if the user has multiple profiles, a profile picker will appear
during the startup. This is a non-browser UI that interrupts the startup
process. The measurement ends when `ComponentReady` is invoked with valid
inputs.
On ChromeOS: Before M129, the login screen counted as an interruption, so
most initialization times were being logged under
"ComponentReadyFromApplicationStartWithInterruption". This was
fixed in M129 to count as "ComponentReadyFromApplicationStart".
</summary>
</histogram>
<histogram
name="PrivacySandbox.Attestations.InitializationDuration.ComponentReadyFromBrowserWindowFirstPaint"
units="ms" expires_after="2025-01-19">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time taken for the downloaded attestations file to be
detected from first browser window paint. The measurement ends when
`ComponentReady` is invoked with valid inputs.
</summary>
</histogram>
<histogram name="PrivacySandbox.Attestations.InitializationDuration.Parsing"
units="ms" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the amount of time taken to parse the attestations file from disk.
The parsing is done on a thread pool thread, not on the main UI thread. The
measurement starts from the invocation of the protobuf parsing function and
ends when the function returns. Note this metric is recorded only if the
parsing succeeds.
</summary>
</histogram>
<histogram name="PrivacySandbox.Attestations.IsSiteAttested"
enum="PrivacySandboxApiAllowed" expires_after="2025-01-19">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the status of Privacy Sandbox APIs attestation checks. Each time a
Privacy Sandbox API attestation check takes place, the status is recorded.
The status can be allowed, or denied with reasons. This is an aggregate
metric across all Privacy Sandbox APIs that require attestations.
</summary>
</histogram>
<histogram name="PrivacySandbox.Attestations.IsSiteAttested.FileSource"
enum="PrivacySandboxAttestationsFileSource" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
This histogram is recorded each time a Privacy Sandbox API attestation is
checked. It records whether the in-memory attestation map, which is used as
the source of truth for the incoming attestation check, is obtained by
parsing a pre-installed or downloaded attestation list file.
</summary>
</histogram>
<histogram name="PrivacySandbox.Attestations.IsSiteAttested.FirstCheckTime"
units="ms" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration from Chrome startup to the first Privacy Sandbox API
attestation check. This metric should be recorded at most once per Chrome
session. Here the measurement is taken from the time Chrome application
starts.
</summary>
</histogram>
<histogram name="PrivacySandbox.Attestations.IsSiteAttestedStatus"
enum="PrivacySandboxApiAllowed" expires_after="2025-02-09">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Same as PrivacySandbox.Attestations.IsSiteAttested. This histogram entry is
created because what the histogram buckets represent has changed. Its bucket
`AttestationsFileNotYetReady` used to represent the aggregation of the
following cases: 1. The component installer has already checked and found
the attestations file did not exist on disk. 2. The component installer has
not checked the attestations file yet. The file may or may not exist on
disk.
In this version, these two cases have been separated out. Case 1 is recorded
in `AttestationsFileNotPresent`, which is remaned from
`AttestationsFileNotYetReady`. Case 2 now goes into
`AttestationsFileNotYetChecked`.
</summary>
</histogram>
<histogram name="PrivacySandbox.Attestations.Parsing.Status"
enum="PrivacySandboxAttestationParsingStatus" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the parsing status of Privacy Sandbox APIs attestation file. Each
time a Privacy Sandbox Attestation file is parsed, the status is recorded.
The status can be success, or failure with reasons.
</summary>
</histogram>
<histogram
name="PrivacySandbox.CookieDeprecationFacilitatedTesting.ReasonForComputedEligibilityForProfile"
enum="CookieDeprecationFacilitatedTestingProfileEligibility"
expires_after="2024-10-25">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records a profile computed eligibility to cookie deprecation facilitated
testing.
Recorded each time a profile is first loaded in a browser session.
We define the computed eligibility as the actual eligibility of the profile
regardless of the profile's used/effective eligibility.
There might be a mismatches between the computed and used/effective
eligibility of a profile as all profiles on a client share a single
eligibility value.
For data on mismatches, see: Privacy.3pcd.ProfileEligibilityMismatch.
</summary>
</histogram>
<histogram
name="PrivacySandbox.CookieDeprecationFacilitatedTesting.ReasonForEligibilityStoredInPrefs"
enum="CookieDeprecationFacilitatedTestingProfileEligibility"
expires_after="2025-02-23">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the profile's computed eligibility which was used to set the
client's eligibility to cookie deprecation facilitated testing.
Once set, the eligibility is stored in the pref service local state.
For a given client, the metric will not be recorded again so long as the set
eligibility is available from the pref service local state.
</summary>
</histogram>
<histogram
name="PrivacySandbox.Notice.FirstShownToInteractedDuration.{PSNotice}_{PSNoticeAction}"
units="ms" expires_after="2025-06-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration from when a notice {PSNotice} was first shown to a
profile to when a action {PSNoticeAction} was taken on the notice.
</summary>
<token key="PSNotice" variants="PSNotice"/>
<token key="PSNoticeAction" variants="PSNoticeAction"/>
</histogram>
<histogram
name="PrivacySandbox.Notice.LastShownToInteractedDuration.{PSNotice}_{PSNoticeAction}"
units="ms" expires_after="2025-06-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration from when a notice {PSNotice} was last shown to a
profile to when a action {PSNoticeAction} was taken on the notice.
</summary>
<token key="PSNotice" variants="PSNotice"/>
<token key="PSNoticeAction" variants="PSNoticeAction"/>
</histogram>
<histogram name="PrivacySandbox.Notice.NoticeAction.{PSNotice}"
enum="PrivacySandboxNoticeAction" expires_after="2025-06-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the action performed on a notice {PSNotice} for a profile.
</summary>
<token key="PSNotice" variants="PSNotice"/>
</histogram>
<histogram name="PrivacySandbox.Notice.NoticeActionTakenBehavior.{PSNotice}"
enum="PrivacySandboxNoticeActionBehavior" expires_after="2025-06-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records if the action taken on a notice {PSNotice} was taken successfully or
failed.
</summary>
<token key="PSNotice" variants="PSNotice"/>
</histogram>
<histogram name="PrivacySandbox.Notice.NoticeShown.{PSNotice}" enum="Boolean"
expires_after="2025-06-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>Records if a notice {PSNotice} was shown to a profile.</summary>
<token key="PSNotice" variants="PSNotice"/>
</histogram>
<histogram name="PrivacySandbox.Notice.NoticeStartupState.{PSNotice}"
enum="PrivacySandboxNoticeStartupState" expires_after="2025-06-11">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records startup state of a notice {PSNotice} during the profile start up.
</summary>
<token key="PSNotice" variants="PSNotice"/>
</histogram>
<histogram name="PrivacySandbox.NoticeRequirement.IsVariationCountryEmpty"
enum="Boolean" expires_after="2025-01-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether or not the variation country is empty for profiles. This
histogram will be used to determine if the variation country being empty
leads to an increased spike of Privacy Sandbox notice APIs being disabled.
</summary>
</histogram>
<histogram name="PrivacySandbox.NoticeRequirement.IsVariationServiceReady"
enum="Boolean" expires_after="2025-01-12">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether or not the variation service is ready for profiles. This
histogram will be used to determine if the variation service not being ready
leads to an increased spike of Privacy Sandbox notice APIs being disabled.
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.Budgeter.BudgetValidityStatus2"
enum="PrivacySandboxPrivateAggregationBudgeterBudgetValidityStatus2"
expires_after="2025-03-01">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the validity of budget entries read from disk. Recorded once every
time that budget is attempted to be consumed to reflect the state of stored
budget data for the requested origin and API. If multiple errors are found,
only the first encountered/detected is reported. As a result, reported
errors will be skewed in favor of checks performed first, but we expect
multiple instances of corruption for budget entries on disk to be rare.
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.Budgeter.EnoughBudgetForAnyValueIfNotEnoughOverall"
enum="Boolean" expires_after="2025-01-24">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
When the result of a request to consume budget for the Private Aggregation
API fails due to insufficient budget, records whether there was still
sufficient budget remaining for the minimum value of the histogram
contributions being tested. In other words, if we tested each histogram
contribution individually for the report (instead of the report as a whole),
would any have been approved? Recorded for each individual aggregatable
report request that fails in this way (but not each individual histogram
contribution).
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.Budgeter.NumReportingOriginsStoredPerSite"
units="counts" expires_after="2025-01-26">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the number of reporting origins stored per site in budget storage.
Recorded once every time that budget is attempted to be consumed to reflect
the state of stored budget data for the requested site and API. Not recorded
in the case of certain errors that fail before the storage is actually
queried.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.Budgeter.RequestResult3"
enum="PrivacySandboxPrivateAggregationBudgeterRequestResult3"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the result of a request to consume budget for the Private
Aggregation API. Recorded for each individual aggregatable report request
(but not each individual histogram contribution).
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.BudgetStorage.BeginInitializationCount"
units="units" expires_after="2025-06-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Count the number of times the budget storage begins initialization. This
metric is intended to be used in conjunction with the
"PrivacySandbox.PrivateAggregation.BudgetStorage.ShutdownBeforeFinishingInitialization"
metric, which does not measure cases where the browser is shut down
abruptly.
To get the actual number of times the browser is shut down before finishing
initialization, including cases where shut down abruptly, subtract the
number of true events for "ShutdownBeforeFinishingInitialization";
from this metric's total count.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.BudgetStorage.DbSize"
units="KiB" expires_after="2025-07-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the size of the PrivateAggregationBudgetStorage database on disk.
Recorded after successfully opening the database, but before initialization
finishes.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.BudgetStorage.InitStatus"
enum="PrivacySandboxPrivateAggregationBudgetStorageInitStatus"
expires_after="2025-06-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the initialization statuses of PrivateAggregationBudgetStorage,
indicating whether it was successful and, if not, why it failed. Recorded
when the initialization reply callback is run on the main sequence.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.BudgetStorage.InitTime"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time spent initializing the PrivateAggregationBudgetStorage,
i.e. between running CreateAsync() and FinishInitializationOnMainSequence().
Recorded for each initialization attempt, whether successful or not.
Recorded when the initialization reply callback is run on the main sequence.
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.BudgetStorage.ShutdownBeforeFinishingInitialization"
enum="Boolean" expires_after="2025-06-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether PrivateAggregationBudgetStorage has already been shut down
when the initialization finishes (i.e. the reply callback is run on the main
sequence). Recorded when that callback is run.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.Host.FilteringIdStatus"
enum="PrivacySandboxPrivateAggregationHostFilteringIdStatus"
expires_after="2024-11-06">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether a filtering ID and/or a custom filtering ID max bytes was
used for a Private Aggregation report request being generated in the host.
This is recorded for every report request generation except that it is not
recorded if the filtering ID feature is disabled.
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.Host.NumContributionMergeKeysInPipe{ApiAndDelay}"
units="contributions if merged" expires_after="2025-06-21">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the number of contributions sent through a host's mojo pipe,
including contributions dropped due to the contribution limit. (To avoid
unbounded memory usage, we don't track more than 10k dropped contributions.)
Counts contributions as if they were merged, i.e. counts the number of merge
keys. Only records if the contribution merging feature is enabled. Recorded
for every PrivateAggregationHost mojo pipe {ApiAndDelay}.
</summary>
<token key="ApiAndDelay">
<variant name="" summary="regardless of the calling API"/>
<variant name=".ProtectedAudience"
summary="with Protected Audience specified as the API"/>
<variant name=".SharedStorage"
summary="with Shared Storage specified as the API"/>
<variant name=".SharedStorage.FullDelay"
summary="with Shared Storage specified as the API and with *no*
timeout set (causing the report to be sent after a longer,
randomized delay"/>
<variant name=".SharedStorage.ReducedDelay"
summary="with Shared Storage specified as the API and with a timeout
set (causing the report to be sent after only a short delay)"/>
</token>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.Host.PipeOpenDurationOnShutdown"
units="ms" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
On browser or profile shutdown, records the length of time that each mojo
pipe still open has been open for. Recorded for every mojo pipe that is
still open during shutdown. This is intended to provide a signal if mojo
pipes are not being closed.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.Host.PipeResult"
enum="PrivacySandboxPrivateAggregationHostPipeResult"
expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether a PrivateAggregationHost mojo pipe successfully resulted in
a report request being forwarded to the manager and, if not, the reason for
failure or no report. Further, breaks out the case of too many
contributions, where the request is forwarded but is truncated. (Note that a
report being dropped due to zero value does not count as truncation.) Note
that, even if successfully forwarded, the report may still be rejected by
the budgeter, manager or in the aggregation_service layer. Recorded for
every mojo pipe on disconnection.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.Host.TimeoutResult"
enum="PrivacySandboxPrivateAggregationHostTimeoutResult"
expires_after="2025-03-01">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Some PrivateAggregation operations have an associated timeout after which a
report will be sent unconditionally. This metric records, for every mojo
pipe which specifies a timeout, the outcome of the timeout. Recorded at the
timeout or disconnection time whichever occurs first, or when it's canceled
due to error, or on browser shutdown if it's still scheduled with pipe open.
</summary>
</histogram>
<histogram
name="PrivacySandbox.PrivateAggregation.Host.TimeToGenerateReportRequestWithContextId"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration of time that elapses from the moment that
PrivateAggregationHost is notified of a timeout or mojo pipe disconnection
until it generates a report request. It is recorded just before passing the
request to the aggregation_service layer. It is only recorded for requests
with a context ID; corresponding reports will be sent with a reduced delay
and thus may inadvertently reveal more information via their send time. The
intent is to capture the duration of time spent in shared resources such as
PrivateAggregationBudgeter.
</summary>
</histogram>
<histogram name="PrivacySandbox.PrivateAggregation.Manager.RequestResult"
enum="PrivacySandboxPrivateAggregationManagerRequestResult"
expires_after="never">
<!-- expires-never: critical system health metric for monitoring -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the outcome of a report request sent through the Private Aggregation
manager, i.e. whether the report was sent and whether its contributions were
cleared due to budget denial. Also breaks out the case of a report that
started with no contributions. Recorded for each individual report request
(but not each individual histogram contribution).
This is a critical histogram monitored by alerts to
[email protected]. Please make sure future versions of
this histogram are properly set up for alerting, but prefer not to version
the histogram if possible.
</summary>
</histogram>
<histogram name="PrivacySandbox.ProtectedAudience.JoiningTopFrameDisplayed"
enum="BooleanShown" expires_after="2025-01-05">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records whether the joining site (including host fallback) for a Protected
Audience interest group was successfully displayed. True if it was, false if
the interest group was not displayed because no site or host could be
determined. Recorded on a per interest group data key basis when the user
opens the Protected Audience settings page.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.OnboardingStartup.AckedSince"
units="ms" expires_after="2024-09-30">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time the user acknowledges the notice. This is emitted once on
browser startup.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.OnboardingStartup.EligibleToOnboardedDuration"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration it takes while being eligible up till onboarding to
3PCD. This occurs once per profile during the startup of onboarding.
</summary>
</histogram>
<histogram name="PrivacySandbox.TrackingProtection.OnboardingStartup.State"
enum="OnboardingStartupState" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the state on startup of being onboarded to 3PCD. This occurs once
per profile during the startup of onboarding.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.OnboardingStartup.WaitingToAckSince"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time it takes to acknowledge the notice for 3PCD after being
onboarded. This occurs once per profile during the startup of onboarding.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.OnboardingStartup.WaitingToOnboardSince"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time it takes while waiting to be onboarded to 3PCD. This occurs
once per profile during the startup of onboarding.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.SilentOnboardingStartup.EligibleToOnboardedDuration"
units="ms" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the duration it takes while being eligible up till silent onboarding
to 3PCD control groups. This occurs once per profile during the startup of
onboarding.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.SilentOnboardingStartup.State"
enum="SilentOnboardingStartupState" expires_after="2025-02-10">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the state on startup of being silent onboarded to 3PCD control
groups. This occurs once per profile during the startup of onboarding.
</summary>
</histogram>
<histogram
name="PrivacySandbox.TrackingProtection.SilentOnboardingStartup.WaitingToOnboardSince"
units="ms" expires_after="2024-12-08">
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Records the time it takes while waiting to be silent onboarded to 3PCD
control groups. This occurs once per profile during the startup of
onboarding.
</summary>
</histogram>
<histogram name="PrivacySandbox.{ApiType}" enum="PrivacySandboxApiAllowed"
expires_after="never">
<!-- expires-never: critical system health metric for monitoring -->
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
Whether or not the {ApiType} operation was allowed by Privacy Sandbox
settings and why. Recorded at the time settings are checked when performing
the operation.
This is a critical histogram monitored by alerts. Please make sure future
versions of this histogram are properly set up for alerting. The attribution
reporting and private aggregation variants are monitored by
[email protected].
</summary>
<token key="ApiType">
<variant name="IsAttributionReportingAllowed"
summary="IsAttributionReportingAllowed"/>
<variant name="IsAttributionReportingEverAllowed"
summary="IsAttributionReportingEverAllowed"/>
<variant name="IsFledgeBuyAllowed" summary="IsFledgeBuyAllowed"/>
<variant name="IsFledgeJoinAllowed" summary="IsFledgeJoinAllowed"/>
<variant name="IsFledgeLeaveAllowed" summary="IsFledgeLeaveAllowed"/>
<variant name="IsFledgeSellAllowed" summary="IsFledgeSellAllowed"/>
<variant name="IsFledgeUpdateAllowed" summary="IsFledgeUpdateAllowed"/>
<variant name="IsPrivacySandboxReportingDestinationAttested"
summary="IsPrivacySandboxReportingDestinationAttested"/>
<variant name="IsPrivateAggregationAllowed"
summary="IsPrivateAggregationAllowed"/>
<variant name="IsSharedStorageAllowed" summary="IsSharedStorageAllowed"/>
<variant name="IsSharedStorageSelectURLAllowed"
summary="IsSharedStorageSelectURLAllowed"/>
<variant name="IsTopicsAllowed" summary="IsTopicsAllowed"/>
<variant name="IsTopicsAllowedForContext"
summary="IsTopicsAllowedForContext"/>
<variant name="MaySendAttributionReport"
summary="MaySendAttributionReport"/>
</token>
</histogram>
</histograms>
</histogram-configuration>
Codebase Browser
chromium