[ACTION-20] First parties signaling exceptions to third parties

Some possible language to consider:

First parties sometimes have active exceptions to DNT.  For instance, a user
on the New York Times site may have logged in and knowingly opted back in to
being tracked by third parties while reading the New York Times site.  In
such a case, the first party needs a way to signal to the third parties that,
for these particular requests, an exception is overriding the DNT: 1 header
that the user's browser is sending.

If a first party wishes to signal to a third party that there is an active
exception to DNT, the first party MUST indicate this with a request parameter
"dnt-override=" with a non-null value (e.g., "dnt-override=1",
"dnt-override=user logged in", "dnt-override=retain for 1 week", etc).  This
parameter may be set as a URI query parameter, a URI fragment parameter, or
an HTTP POST parameter.

A webserver receiving a request with the "dnt-override=" parameter with a
value of "1" MAY disregard a DNT: 1 header that it simultaneously
receives from the client.  However if it does so, it MUST send the
Tracking: 1 response header to the client.

First parties and third parties MAY agree to additional semantics for
values of the dnt-override parameter other than 1 or null.  If a third party
receives a value for "dnt-override" where such an agreement and
implementation is not in place, it MUST send Tracking: 0 to the client, and
ignore the dnt-override parameter.

-- 
Peter

Received on Wednesday, 9 November 2011 18:20:39 UTC
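
The receiving-side rules proposed in the message above, written out as an added example; it is not part of the original message or of any specification text. The function names, the AGREED_VALUES set and the ads.example URLs used to exercise it are hypothetical, and the handling of requests without DNT: 1 and of agreed values is an assumption, since the message does not specify either.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical: values this third party has agreed semantics for with a first party.
AGREED_VALUES = {"retain for 1 week"}

def find_override(url, post_body=""):
    """Return the dnt-override value from the query string or a
    form-encoded POST body, or None if the parameter is absent.
    A URI fragment is not sent in an HTTP request, so a server-side
    check like this one cannot see an override placed there."""
    for raw in (urlsplit(url).query, post_body):
        values = parse_qs(raw, keep_blank_values=True).get("dnt-override")
        if values:
            return values[0]
    return None

def decide(dnt_header, url, post_body="", agreed=AGREED_VALUES):
    """Return (may_track, tracking_response_header_or_None)."""
    if dnt_header.strip() != "1":
        # No DNT: 1 to override; outside the proposal (assumption).
        return (True, None)
    override = find_override(url, post_body)
    if not override:
        # Absent or null value: no exception signalled, DNT: 1 stands.
        return (False, None)
    if override == "1":
        # MAY disregard DNT: 1, and then MUST send Tracking: 1.
        return (True, "1")
    if override in agreed:
        # Assumption: an agreed value is handled the same way as "1".
        return (True, "1")
    # No agreement for this value: MUST send Tracking: 0, ignore the parameter.
    return (False, "0")
```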