[Bug] Move obsolete headers in no-html-only-headers to no-disallowed-headers

[antross]

Now that I'm looking I also see some of the outdated, experimental headers listed here should probably move to webhint's Disallowed HTTP Headers as they should really no longer be used regardless of resource type (e.g. X-WebKit-CSP). I'll open a separate issue for this too.

Originally posted by @antross in #2342 (comment)

[Malvoz]

@antross
May I ask you to have a look at the non-standard headers described in #1633 (comment), if they aren't useful they could potentially be treated as disallowed headers aswell.

[molant]

Thanks @Malvoz!
Our header hints are definitely due for a revision. @antross maybe we should consolidate some of them and have something similar to compat-api. We could maintain a list that contains if it's recommended or not, type of resources it applies, and such. I think that will make it easier to maintain.

We will still have to do something separate for #25 but I think for the rest it should be more straightforward. The biggest problem I see is the documentation and making sure we link to the right sources in each case.

[Malvoz]

The biggest problem I see is the documentation

Almost deserves its own repo >.<, do you have any suggestions going forward documenting this? H5BP will certainly follow the progression per h5bp/server-configs-apache#187.

[molant]

Almost deserves its own repo >.<

That's a possibility. If the list of headers is something other projects would like to consume we could create something like browser-compat-data that also has documentation.

Maybe for starters we could have different entries in the doc by category (obsolete, security, disallowed/frameworks, etc.) and put the details in there with links if applicable. We might have to put less examples that pass/fail for each category as to not make it gigantic.