W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Issue-4

From: David Singer <singer@apple.com>
Date: Thu, 10 Nov 2011 12:48:48 +0900
To: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-id: <17871A1E-27A3-40DA-8679-E0ABD200ED1D@apple.com>

On Nov 10, 2011, at 1:32 , Ronan Heffernan wrote:

> > Can anyone come up with a use case here?
> Having a "DNT not set" header would allow a webserver to detect that a DNT header had been stripped-off by an intermediary (router, proxy, etc.), if it maintains a list of user-agent-strings that are known to always send DNT headers (even if the value is 'not set').  This would allow the webserver to treat a request with a stripped-off header differently (perhaps applying DNT? perhaps warning the user?) from a request that came from a browser that was known to not support the DNT feature.
> Similarly, if a response (either from a header or well-known URI) echoes-back the received DNT setting, then having "missing" distinct from "received as 'not set'" would allow the browser to detect that an intermediary (proxy, router, etc.) had stripped-off the user's DNT header, even in the case where it was not set.  
> --Ronan Heffernan

I was just reacting to the phrased question and proposing tidy specs (where the default can also be explicitly stated), but Ronan's cases allow UAs to detect DNT-aware sites, and give much greater information.  It permits "I see your decline-to-state, and my reaction is to track you" which I am sure will surprise lots of people :-).

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 10 November 2011 03:49:19 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC