In the Web’s first years (1990–1994), HTTP’s stateless simplicity left no room for ad tech as we know it. This chapter traces how early HTTP interfaces and the arrival of cookies set up decades of web advertising—and why today’s Privacy Sandbox APIs are a return to constrained, standardized interfaces.
In the Web’s earliest years, browsers didn’t ask for camera, location, or notification access—because they couldn’t. This chapter traces how early HTTP and HTML interfaces quietly defined privacy expectations long before formal browser permissions APIs existed.
JWT didn’t exist in 1990–1994, but the Web’s first HTTP interfaces already wrestled with the same API authentication problems: stateless requests, shared gateways, and portable identity. This chapter traces the roots of token-based auth from early HTTP, Basic auth, CGI sessions, and the arrival of cookies.
In the Web’s first years (1990–1994), there was no localStorage, no IndexedDB, and not even JavaScript. Yet developers still needed state. This chapter traces how early HTTP interfaces, forms, and the first cookie experiments pushed the Web toward browser storage APIs and richer client applications.
Before OAuth 1.0 existed, the early Web (1990–1994) made key decisions—stateless HTTP, Basic Auth, CGI, and cookies—that eventually demanded delegated authorization for APIs.
In the Web’s earliest years, HTTP’s stateless design collided with real application needs: logins, carts, personalization, and workflow. This chapter traces how developers improvised sessions and how cookies began to emerge around 1994.