> Remove all the non-standard stuff.
I can create a filter for that, thanks for the feedback! Importantly, experimental and non-standard features are not counted in the primary score.
Experimental capabilities have a little 'flask' icon next to them, and non-standard items have a little 'warning' icon next to them, mirroring MDN conventions.
> Experimental capabilities have a little 'flask' icon next to them, and non-standard items have a little 'warning' icon next to them, mirroring MDN conventions.
This is not true. I haven’t gone through each item in detail, but there are no icons for Web Bluetooth, Web NFC, or Web USB. All of these are non-standard, Blink-only APIs that no other rendering engine has agreed to implement.
Mozilla on Web Bluetooth:
> This API provides access to the Generic Attribute Profile (GATT) of Bluetooth, which is not the lowest level of access that the specifications allow, but its generic nature makes it impossible to clearly evaluate. Like WebUSB there is significant uncertainty regarding how well prepared devices are to receive requests from arbitrary sites. The generic nature of the API means that this risk is difficult to manage. The Web Bluetooth CG has opted to only rely on user consent, which we believe is not sufficient protection. This proposal also uses a blocklist, which will require constant and active maintenance so that vulnerable devices aren't exploited. This model is unsustainable and presents a significant risk to users and their devices.
— https://mozilla.github.io/standards-positions/#web-bluetooth
Mozilla on Web NFC:
> We believe Web NFC poses risks to users security and privacy because of the wide range of functionality of the existing NFC devices on which it would be supported, because there is no system for ensuring that private information is not accidentally exposed other than relying on user consent, and because of the difficulty of meaningfully asking the user for permission to share or write data when the browser cannot explain to the user what is being shared or written.
— https://mozilla.github.io/standards-positions/#web-nfc
Mozilla on Web USB:
> Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers.
— https://mozilla.github.io/standards-positions/#webusb
As far as I can see, you’re counting these Blink-only Google APIs as standards that other browsers are failing to implement.
Thank you so much! The root cause was a logic error on my part, now fixed. The scores are now notably better thanks to your comment.
Did you manually change the status of those particular things? Because that’s not what I was getting at.
All I did was look at the most common things I know off the top of my head are mistaken for web standards when they are not. I did not review anything else. So if you just changed the status of those things, there’s more fixes you need to make.
For instance, I just took another look, and I saw that BackgroundSync is not marked as non-standard. But Mozilla are negative on it:
> We're concerned that this feature would allow users to be tracked across networks (leaking private information about location and IP address and how they change over time), and that it would allow script execution and resource consumption when it isn't clear to the user that they're interacting with the site. We might reconsider this position given evidence that these concerns can be safely addressed.
— https://mozilla.github.io/standards-positions/#background-sy...
And Apple have concerns and have not committed to it either:
> Adding concerns: power as generally having activity running in the background is not great for battery life. In my experience as a user of "native" apps this can also be tricky to get right. Sometimes background syncing would have taken place, but the moment you open the app it does another sync and blows away the content you just started to read.
> Adding concerns: privacy as this would allow a website to monitor you switching IP addresses. As the draft notes there also some network attacker leaks due to this, revealing origins that you visit that use this functionality to them.
— https://github.com/WebKit/standards-positions/issues/14
If you look at the spec. it has “Unofficial draft” displayed very prominently all over it, and also states:
> It is not a W3C Standard nor is it on the W3C Standards Track.
— https://wicg.github.io/background-sync/spec/
So again, this seems to be a Blink-only API that only Google have implemented, not standard functionality. How many of these fails are actually just Google doing their own thing with no buy-in from other rendering engines? “PWAscore” is a reasonable thing to build, but “Chromescore” where you measure against all the non-standard things Google have implemented by themselves is not a reasonable thing to build.
Also, you have “Not supported” for push notifications in Safari, but if you check Can I Use, you will see that it works for installed PWAs and is only unavailable to websites you visit. Since the purpose of your site is to score based on PWA support, this should be a success, not a fail.
Personally, I would remove all the non-standard stuff. Not give a big list of standard and non-standard stuff mixed together.