- From: Tom Lowenthal <tom@mozilla.com>
- Date: Tue, 08 Nov 2011 16:12:16 -0800
- To: "public-tracking@w3.org" <public-tracking@w3.org>
- CC: Heather West <heatherwest@google.com>, Ian Fette <ifette@google.com>
- Message-ID: <4EB9C560.5010803@mozilla.com>
ACTION-29 As we discussed at the F2F, Heather, Ian and I went away and came up with a response header. We think that this meets the constraints that we talked about in the group. - It's really short at two characters ("DNT:xx"). - It should play nicely with caches. - It doesn't have to be dynamically generated, except if a site wants to give user-specific responses. - It gives minimal information in the header, and outsources the rest to a well-know location. This response header proposal has the following features. - Servers state whether they think that they are a first or third party. - Servers state whether they're subject to any exceptions, but not which: that's described at the well-known location. - There is an option for a server to tell users that it thinks that they've opted back in (not catchable). - There is a response for catchable objects for use with the above. Everything still comfortably fits in the two characters: one for status and one for explanations. We'll need to define the first and third party obligations and exceptions in 4.*.* of course, and to define the format for explanation/policy documents. With the exception of "you have opted in" any logical server should only exist in one of these states, so dynamic generation is not needed. --- If a server receives a request with a DNT header, the response to that request MUST include a DNT-response header. The response header is as follows: > DNT-Response = "DNT:" [CFWS] DNT-Status [CFWS] > DNT-Status = no-dnt / full-dnt-1 / full-dnt-3 / except-dnt-1 / except-dnt-3 / opt-dnt-1 / opt-dnt-3 / dnt-cached > no-dnt = 0 > full-dnt-1 = 1 > full-dnt-3 = 3 > except-dnt-1 = E [ explanation ] > except-dnt-3 = e [ explanation ] > opt-dnt-1 = O [ explanation ] > opt-dnt-3 = o [ explanation ] > dnt-cached = c > explanation: ";" [CFWS] "r=" reason-code > reason-code: 1*alphanum > alphanum = ALPHA / DIGIT If a reason code is specified, an *explanation* MUST exist at /.well-known/dnt?r=reason-code . Whether or not a reason code is specified, a *general policy* regarding Do Not Track SHOULD exist at /.well-known/dnt . The structure and requirements for *explanations* and *general-policies* is described in secion $FIXME of this document. *no-dnt* indicates that the server does not comply with [Tracking Definitions and Compliance](). Servers MUST NOT use this response. *full-dnt-1* indicates that the server: - believes it is acting as a first party in responding to this request; - complies with [Tracking Definitions and Compliance](); and - does not and will not use any of the data gathered from this request in conjunction with the exceptions in S4.1.2 . *full-dnt-3* indicates that the server: - believes it is acting as a third party in responding to this request; - complies with [Tracking Definitions and Compliance](); and - does not and will not use any of the data gathered from this request in conjunction with the exceptions in S4.3.2 . *except-dnt-1* indicates that the server: - believes it is acting as a first party in responding to this request; - complies with [Tracking Definitions and Compliance](); - does or may use of the data gathered from this request in conjunction with the exceptions in S4.1.2 , & - the appropriate *explanation* describes all of these possible exceptions. *except-dnt-3* indicates that the server: - believes it is acting as a third party in responding to this request; - complies with [Tracking Definitions and Compliance](); - does or may use of the data gathered from this request in conjunction with the exceptions in S4.3.2 , & - the appropriate *explanation* describes all of these possible exceptions. *opt-dnt-1* indicates that the server: - believes it is acting as a first party in responding to this request; - complies with [Tracking Definitions and Compliance](); - believes that the user has affirmitively consented to allow this site additional permission to track them, & - the appropriate *explanation* describes these additional permissions; and - does or may use of the data gathered from this request in conjunction with the exceptions in S4.3.2 , & - the appropriate *explanation* describes all of these possible exceptions. All responses with this state must be marked as uncacheable. *opt-dnt-3* indicates that the server: - believes it is acting as a third party in responding to this request; - complies with [Tracking Definitions and Compliance](); - believes that the user has affirmitively consented to allow this site additional permission to track them, & - the appropriate *explanation* describes these additional permissions; and - does or may use of the data gathered from this request in conjunction with the exceptions in S4.3.2 , & - the appropriate *explanation* describes all of these possible exceptions. All responses with this state must be marked as uncacheable. *dnt-cached* indicates that this is a cached resource and that any information gained from the server about this resource will be treated: - as if the server is a third party; - without exception; - as if the user has not consented to additional tracking.
Received on Wednesday, 9 November 2011 00:13:40 UTC