Response Header/URI Hybrid [Its aliiive!]

ACTION-29

As we discussed at the F2F, Heather, Ian and I went away and came up
with a response header. We think that this meets the constraints that we
talked about in the group.

- It's really short at two characters ("DNT:xx").
- It should play nicely with caches.
- It doesn't have to be dynamically generated, except if a site wants to
give user-specific responses.
- It gives minimal information in the header, and outsources the rest to
a well-know location.

This response header proposal has the following features.

- Servers state whether they think that they are a first or third party.
- Servers state whether they're subject to any exceptions, but not
which: that's described at the well-known location.
- There is an option for a server to tell users that it thinks that
they've opted back in (not catchable).
- There is a response for catchable objects for use with the above.

Everything still comfortably fits in the two characters: one for status
and one for explanations. We'll need to define the first and third party
obligations and exceptions in 4.*.* of course, and to define the format
for explanation/policy documents. With the exception of "you have opted
in" any logical server should only exist in one of these states, so
dynamic generation is not needed.

   ---

If a server receives a request with a DNT header, the response to that
request MUST include a DNT-response header. The response header is as
follows:

> DNT-Response = "DNT:" [CFWS] DNT-Status [CFWS]
> DNT-Status = no-dnt / full-dnt-1 / full-dnt-3 / except-dnt-1 /
except-dnt-3 / opt-dnt-1 / opt-dnt-3 / dnt-cached
> no-dnt = 0
> full-dnt-1 = 1
> full-dnt-3 = 3
> except-dnt-1 = E [ explanation ]
> except-dnt-3 = e [ explanation ]
> opt-dnt-1 = O [ explanation ]
> opt-dnt-3 = o [ explanation ]
> dnt-cached = c
> explanation: ";" [CFWS] "r=" reason-code
> reason-code: 1*alphanum
> alphanum = ALPHA / DIGIT
If a reason code is specified, an *explanation* MUST exist at
/.well-known/dnt?r=reason-code . Whether or not a reason code is
specified, a *general policy* regarding Do Not Track SHOULD exist at
/.well-known/dnt . The structure and requirements for *explanations* and
*general-policies* is described in secion $FIXME of this document.

*no-dnt* indicates that the server does not comply with [Tracking
Definitions and Compliance](). Servers MUST NOT use this response.

*full-dnt-1* indicates that the server:

- believes it is acting as a first party in responding to this request;
- complies with [Tracking Definitions and Compliance](); and
- does not and will not use any of the data gathered from this request
in conjunction with the exceptions in S4.1.2 .

*full-dnt-3* indicates that the server:

- believes it is acting as a third party in responding to this request;
- complies with [Tracking Definitions and Compliance](); and
- does not and will not use any of the data gathered from this request
in conjunction with the exceptions in S4.3.2 .

*except-dnt-1* indicates that the server:

- believes it is acting as a first party in responding to this request;
- complies with [Tracking Definitions and Compliance]();
- does or may use of the data gathered from this request in conjunction
with the exceptions in S4.1.2 , &
- the appropriate *explanation* describes all of these possible exceptions.

*except-dnt-3* indicates that the server:

- believes it is acting as a third party in responding to this request;
- complies with [Tracking Definitions and Compliance]();
- does or may use of the data gathered from this request in conjunction
with the exceptions in S4.3.2 , &
- the appropriate *explanation* describes all of these possible exceptions.

*opt-dnt-1* indicates that the server:

- believes it is acting as a first party in responding to this request;
- complies with [Tracking Definitions and Compliance]();
- believes that the user has affirmitively consented to allow this site
additional permission to track them, &
- the appropriate *explanation* describes these additional permissions; and
- does or may use of the data gathered from this request in conjunction
with the exceptions in S4.3.2 , &
- the appropriate *explanation* describes all of these possible exceptions.

All responses with this state must be marked as uncacheable.

*opt-dnt-3* indicates that the server:

- believes it is acting as a third party in responding to this request;
- complies with [Tracking Definitions and Compliance]();
- believes that the user has affirmitively consented to allow this site
additional permission to track them, &
- the appropriate *explanation* describes these additional permissions; and
- does or may use of the data gathered from this request in conjunction
with the exceptions in S4.3.2 , &
- the appropriate *explanation* describes all of these possible exceptions.

All responses with this state must be marked as uncacheable.

*dnt-cached* indicates that this is a cached resource and that any
information gained from the server about this resource will be treated:

- as if the server is a third party;
- without exception;
- as if the user has not consented to additional tracking.

Received on Wednesday, 9 November 2011 00:13:40 UTC