W3C home > Mailing lists > Public > public-tracking@w3.org > December 2011

(unknown charset) Re: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)]

From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
Date: Tue, 20 Dec 2011 21:07:23 +0100
Message-ID: <4EF0EAFB.8030201@zurich.ibm.com>
To: (unknown charset) public-tracking@w3.org
Hi!


Summarizing the mails:
  If _no request header was received_, we agree that in general
    "MAY send response header" and neither "MUST" nor "SHOULD".

If this is a common agreement, it settles ISSUE-105!

More discussions:

If a request header was received that says DNT=1, then a site MUST
send a response header (otherwise the user agent cannot validate
compliance).

If a request header with DNT=0 was received, the server may indicating
that it understood and supports DNT by sending a response. This is
ISSUE-78.

I actually think that making "the entire existing internet
non-compliant in a single foop" can be avoided: If I send DNT=1 and a
server does not respond with any DNT-related info, then a user cannot
tell whether his preference is followed.  Therefore, I would call this
site non-compliant.


Regards,
matthias


On 12/20/2011 7:07 PM, David Singer wrote:
> 
> On Dec 19, 2011, at 17:26 , Shane Wiley wrote:
> 
>> I agree with JC as we'll have publishers/web servers that will take time to upgrade to DNT support once the standard is out.  It'll take several years (if not longer if you look at the IE6 deprecation timeline) for all servers to get to a point where they can provide DNT Response Headers.  
> 
> well, that's a different question (if you get a request, is a response required?).  (the answer is no, we can't, or we make the entire existing internet non-compliant in a single foop).
> 
> this is the opposite; can you (must you?) send a response WITHOUT a request.  I'm pretty clear that responses without a request should be allowed.  I cannot for the life of me imagine how we would think that they are mandatory, even for sites that track.
> 
>> I would assume if a server does not provide a response header it does not support DNT (either technical or by policy).
>>
>> - Shane
>>
>> -----Original Message-----
>> From: JC Cannon [mailto:jccannon@microsoft.com] 
>> Sent: Monday, December 19, 2011 6:22 PM
>> To: David Singer; Tracking Protection Working Group WG
>> Subject: RE: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)]
>>
>> I expect that the guidance will be "MAY send response header" vs. "MUST" or "SHOULD".
>>
>> JC
>>
>> -----Original Message-----
>> From: David Singer [mailto:singer@apple.com] 
>> Sent: Monday, December 19, 2011 12:18 PM
>> To: Tracking Protection Working Group WG
>> Subject: Re: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)]
>>
>> I hope so.  Simple sites that do no tracking should be allowed to configure a static 'response' header, saying so, into their config files.
>>
>>
>> On Dec 19, 2011, at 9:35 , Tracking Protection Working Group Issue Tracker wrote:
>>
>>>
>>> tracking-ISSUE-105: Response header without request header?  [Tracking Preference Expression (DNT)]
>>>
>>> http://www.w3.org/2011/tracking-protection/track/issues/105
>>>
>>> Raised by: Matthias Schunter
>>> On product: Tracking Preference Expression (DNT)
>>>
>>> Should a site be required to send a response header even if no request header was received?
>>>
>>> [Spawned off ISSUE-51 during 2011-11-30 Telco]
>>>
>>>
>>>
>>
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>>
>>
>>
>>
>>
>>
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 
> 
> 
Received on Tuesday, 20 December 2011 20:08:05 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC