This specification enables a server to communicate performance metrics about the request-response cycle to the user agent. It also standardizes a JavaScript interface to enable applications to collect, process, and act on these metrics to optimize application delivery.
## Introduction Accurately measuring performance characteristics of web applications is an important aspect of making web applications faster. [[!NAVIGATION-TIMING-2]] and [[!RESOURCE-TIMING-2]] provide detailed request timing information for the document and its resources, which include time when the request was initiated, and various milestones to negotiate the connection and receive the response. However, while the user agent can observe the timing data of the request it has no insight into how or why certain stages of the request-response cycle have taken as much time as they have - e.g., how the request was routed, where the time was spent on the server, and so on. This specification introduces PerformanceServerTiming interface, which enables the server to communicate performance metrics about the request-response cycle to the user agent, and a JavaScript interface to enable applications to collect, process, and act on these metrics to optimize application delivery.
### The `Server-Timing` Header Field The Server-Timing header field is used to communicate one or more metrics and descriptions for the given request-response cycle. The ABNF (Augmented Backus-Naur Form) [[!RFC5234]] syntax for the Server-Timing header field is as follows: ```ABNF Server-Timing = #server-timing-metric server-timing-metric = metric [ OWS ";" OWS description ] metric = metric-name [ OWS "=" OWS metric-value ] metric-name = token metric-value = *DIGIT [ "." 1*DIGIT ] description = token | quoted-string ``` * Each metric MUST have a name. * Metric names MAY be repeated. * Metric names are defined by the server. * Each metric MAY have an optional numeric value. * Each metric MAY have an optional description. * The user agent MAY surface provided metrics in any order - i.e. the order of metrics in the HTTP header field is not significant. See [[!RFC7230]] for definitions of `#`, `OWS`, `token`, `DIGIT`, and `quoted-string`.
- To minimize the HTTP overhead the provided metrics and descriptions should be kept as short as possible - e.g. use abbreviations and omit optional values where possible. - Because there can be no guarantee of clock synchronization between client, server, and intermediaries, it is impossible to map a meaningful `startTime` onto the clients timeline. For that reason, any `startTime` attribution is purposely omitted from this specification. If the developers want to establish a relationship between multiple entries, they can do so by communicating custom data via metric names and/or descriptions. - The server and/or any relevant intermediaries are in full control of which metrics are communicated to the user agent and when. For example, access to some metrics may be restricted due to privacy or security reasons - see section.
## The PerformanceServerTiming Interface
    [Exposed=(Window,Worker)]
    interface PerformanceServerTiming {
      readonly attribute DOMString name;
      readonly attribute DOMHighResTimeStamp duration;
      readonly attribute DOMString description;
      [Default] object toJSON();
    };
  
When toJSON is called, run [[!WEBIDL]]'s default toJSON operation. ### name attribute The name attribute MUST return the server-specified metric-name. ### duration attribute The duration attribute MUST return a double that contains the server-specified metric-value, or value `0.0`. ### description attribute The description attribute MUST return the server-specified metric-description, or an empty string.
### Extension to the PerformanceResourceTiming interface The PerformanceResourceTiming interface, which this specification partially extends, is defined in [[!RESOURCE-TIMING-2]].
  [Exposed=(Window,Worker)]
  partial interface PerformanceResourceTiming {
    readonly attribute FrozenArray<PerformanceServerTiming> serverTiming;
  };
  
### serverTiming attribute The serverTiming attribute returns a sequence of PerformanceServerTiming entries.
## Process ### Processing Model

When processing the response of the current document call the server-timing header parsing algorithm with resource timing object set to the newly created `PerformanceNavigationTiming` object.

For each resource fetched by the current browsing context, excluding resources fetched by cross-origin stylesheets fetched with no-cors policy, call the server-timing header parsing algorithm with resource timing object set to the newly created PerformanceResourceTiming object.

#### server-timing header parsing algorithm

Given a resource timing object, perform the following steps:

  1. Let entryList be a new empty sequence.
  2. For each server-specified metric received from parsing the Server-Timing header field, perform the following steps:
    1. Let entry be a new PerformanceServerTiming object.
    2. Set name to the server-specified metric-name.
    3. Set duration to the server-specified metric-value, or value 0 if omitted or not representable as a double.
    4. Set description to the server-specified metric-description, or an empty string.
    5. Append entry to entryList.
  3. Set the serverTiming attribute on resource timing object to entryList.

The user-agent MUST process Server-Timing header field communicated via a trailer field (see [[!RFC7230]] section 4.1.2) using the same algorithm.

### Cross-origin Resources Cross-origin resources (i.e. non same origin) MUST be included as PerformanceServerTiming objects in the Performance Timeline. If the "timing allow check" algorithm, as defined in [[RESOURCE-TIMING-2]], fails for a cross-origin resource: Server must return the `Timing-Allow-Origin` HTTP response header, as defined in [[RESOURCE-TIMING-2]], to allow the user agent to fully expose, to the document origin(s) specified, the values of attributes that would have been set to zero or empty string due to the cross-origin restrictions.
## Privacy and Security The interfaces defined in this specification expose potentially sensitive application and infrastructure information to any web page that has included a resource that advertises server timing metrics. For this reason the access to `PerformanceServerTiming` interface is restricted by the same origin policy by default, as described in . Resource providers can explicitly allow server timing information to be available by adding the `Timing-Allow-Origin` HTTP response header, as defined in [[!RESOURCE-TIMING-2]], that species the domains that are allowed to access the server metrics. In addition to using the `Timing-Allow-Origin` HTTP response header, the server can also use relevant logic to control which metrics are returned, when, and to whom - e.g. the server may only provide certain metrics to correctly authenticated users and nothing at all to all others.
## IANA Considerations The permanent message header field registry should be updated with the following registrations ([[RFC3864]]): ### Server-Timing Header Field
Header field name
Server-Timing
Applicable protocol
http
Status
standard
Author/Change controller
W3C
Specification document
This specification (See Server-Timing Header Field)
## Examples
    > GET /resource HTTP/1.1
    > Host: example.com

    < HTTP/1.1 200 OK
    < Server-Timing: miss, db=53, app=47.2;
    < Server-Timing: customView, dc;atl
    < Trailer: Server-Timing
    < (... snip response body ...)
    < Server-Timing: total=123.4
  
Name Value Description
miss
db53
app47.2
customView
dcatl
total123.4

The above header fields communicate five distinct metrics that illustrate all the possible ways for the server to communicate data to the user agent: metric name only, metric with value, metric with value and description, and metric with description. For example, the above metrics may indicate that for `example.com/resource.jpg` fetch:

  1. There was a cache miss.
  2. The request was routed through the "atl" datacenter ("dc").
  3. The database ("db") time was 53 ms.
  4. The application server ("app") took 47.2ms to process "customView" template or function.
  5. The total time for the request-response cycle on the server was 123.4ms, which is recorded at the end of the response and delivered via a trailer field.

The application can collect, process, and act on the provided metrics via the provided JavaScript interface:

    // serverTiming entries can live on 'navigation' and 'resource' entries
    for (const entryType of ['navigation', 'resource']) {
      for (const {name: url, serverTiming} of performance.getEntriesByType(entryType)) {
        // iterate over the serverTiming array
        for (const {name, duration, description} of serverTiming) {
          // we only care about "slow" ones
          if (duration > 200) {
            console.info('Slow server-timing entry =',
              JSON.stringify({url, entryType, name, duration, description}, null, 2))
          }
        }
      }
    }
  
## Use cases ### Server timing in developer tools Server processing time can be a significant fraction of the total request time. For example, a dynamic response may require one or more database queries, cache lookups, API calls, time to process relevant data and render the response, and so on. Similarly, even a static response can be delayed due to overloaded servers, slow caches, or other reasons. Today, the user agent developer tools are able to show when the request was initiated, and when the first and last bytes of the response were received. However, there is no visibility into where or how the time was spent on the server, which means that the developer is unable to quickly diagnose if there is a performance bottleneck on the server, and if so, in which component. Today, to answer this question, the developer is required to use different techniques: check the server logs, embed performance data within the response (if possible), use external tools, and so on. This makes identifying and diagnosing performance bottlenecks hard, and in many cases impractical. Server Timing defines a standard mechanism that enables the server to communicate relevant performance metrics to the client and allows the client to surface them directly in the developer tools - e.g. the requests can be annotated with server sent metrics to provide insight into where or how the time was spent while generating the response. ### Server timing for automated analytics In addition to surfacing server sent performance metrics in the developer tools, a standard JavaScript interface enables analytics tools to automatically collect, process, beacon, and aggregate these metrics for operational and performance analysis. ### Measuring request routing performance Server Timing enables origin servers to communicate performance metrics about where or how time is spent while processing the request. However, the same request and response may also be routed through one or more multiple proxies (e.g. cache servers, load balancers, and so on), each of which may introduce own delays and may want to provide performance metrics into where or how the time is spent. For example, a CDN edge node may want to report which data center was being used, if the resource was available in cache, and how long it took to retrieve the response from cache or from the origin server. Further, the same process may be repeated by other proxies, thus allowing full end-to-end visibility into how the request was routed and where the time was spent. Similarly, when a Service Worker is active, some or all of the navigation and resource requests may be routed through it. Effectively, an active Service Worker is a local proxy that is able to reroute requests, serve cached responses, synthesize responses, and more. As a result, Server Timing enables Service Worker to report custom performance metrics about how the request was processed: whether it was fetched from server or server from local cache, duration of relevant the processing steps, and so on.
## Acknowledgments This document reuses text from the [[NAVIGATION-TIMING-2]], [[RESOURCE-TIMING-2]], [[PERFORMANCE-TIMELINE-2]], and [[RFC6797]] specifications as permitted by the licenses of those specifications.