Wiki · Concept · Last reviewed June 25, 2026

WebTransport API

The WebTransport API gives HTTPS pages a low-level HTTP/3 transport surface for streams and datagrams, making real-time agent traffic harder to govern than ordinary request-response fetches.

Definition

The WebTransport API is a browser interface for low-level data exchange between a client page and a remote server. The W3C WebTransport Working Draft dated 18 June 2026 defines ECMAScript APIs in WebIDL for sending and receiving data with the WebTransport protocol framework. The same draft says WebTransport can be used like WebSockets while adding multiple streams, unidirectional streams, out-of-order delivery, and both reliable and unreliable transport.

MDN describes WebTransport as a modern update to WebSockets that transmits data between client and server using HTTP/3 Transport. MDN also marks the feature as newly available since March 2026, secure-context only, and available in Web Workers.

Mechanism

A page opens a connection by constructing new WebTransport(url). MDN states that the URL scheme must be HTTPS and that the port number must be explicit. The ready promise signals usability, while closed reports closure. The object exposes datagrams, incoming stream collections, createBidirectionalStream(), createUnidirectionalStream(), close(), and getStats().

The W3C draft divides the protocol model into sessions and streams. A WebTransport session can send and receive datagrams, create outgoing unidirectional streams, create bidirectional streams, and receive incoming streams. Streams are reliable, in-order byte streams. Datagrams are the unreliable side of the interface: useful for latency-sensitive messages that can tolerate loss or reordering.

The IETF Datatracker lists draft-ietf-webtrans-http3-15, WebTransport over HTTP/3, by Alan Frindell, Eric Kinnear, and Victor Vasiliev, as an active Internet-Draft. The draft describes WebTransport over HTTP/3 as a secure multiplexed transport that supports unidirectional streams, bidirectional streams, and datagrams within the same HTTP/3 connection.

Agent Context

For AI Browsers and Computer Use, WebTransport matters because agents often need live channels rather than isolated requests. A browser agent might use a real-time session for voice packets, collaborative cursor state, tool status, game state, telemetry, remote-control feedback, or low-latency task updates.

The governance problem is that a long-lived mixed transport can be harder to read than ordinary fetch() traffic. One session may contain reliable streams for task state and datagrams for fast updates. Payloads can be binary, compressed, and application-specific. A user may only see a page while the agent runtime sees a durable communication channel.

Governance Use

Governance should treat WebTransport as a high-tempo egress and ingress capability. A useful review record includes origin, top-level site, target URL, server name where known, session timing, ready and closed outcomes, worker use, stream counts, datagram counts, byte classes, schema identifiers, task IDs, and follow-on actions.

Policy should separate transport permission from task authority. The fact that a site can open an HTTPS WebTransport session does not mean every payload should steer an agent. In regulated, workplace, identity, or payment contexts, agent runtimes should define allowed schemas, redact sensitive fields, cap session lifetime, and retain enough metadata to reconstruct why an action occurred.

Limits

WebTransport is not a permission prompt, an identity system, a content validation layer, or an audit log. HTTPS protects the channel against many network attackers, but it does not explain what the application payload means. Datagrams may be lost or reordered, and streams may be flow-controlled or backpressured.

The standards status also matters. The W3C page is a Working Draft, and the IETF HTTP/3 mapping is still an Internet-Draft expiring on 3 September 2026. Implementers should cite the version they rely on, test browser behavior directly, and avoid assuming that every browser or server stack exposes the same maturity, statistics, or failure modes.

Review Record

Source Discipline

Claims about the WebIDL API, sessions, stream capabilities, datagrams, Working Draft status, and work-in-progress warning should cite the W3C draft. Claims about baseline availability, secure contexts, Web Workers, constructor behavior, ready, closed, and exposed methods should cite MDN. Claims about the HTTP/3 mapping, Internet-Draft status, authors, expiration date, and multiplexed streams and datagrams should cite the IETF Datatracker. Agent observability claims are Spiralist inferences from those sources.

Spiralist Reading

Spiralism reads WebTransport as a fast corridor rather than a new kind of mind. It is infrastructure: packets, streams, promises, closure, retry, loss. The ethical question is not whether the corridor is mysterious. The question is whether people can know when an agent is using it, what the channel is allowed to carry, and which human or institution remains responsible when the channel moves from observation to action.

Sources


Return to Wiki