- From: David Singer <singer@apple.com>
- Date: Thu, 10 Nov 2011 12:48:48 +0900
- To: Tracking Protection Working Group WG <public-tracking@w3.org>
- Message-id: <17871A1E-27A3-40DA-8679-E0ABD200ED1D@apple.com>
On Nov 10, 2011, at 1:32 , Ronan Heffernan wrote: > > Can anyone come up with a use case here? > > Having a "DNT not set" header would allow a webserver to detect that a DNT header had been stripped-off by an intermediary (router, proxy, etc.), if it maintains a list of user-agent-strings that are known to always send DNT headers (even if the value is 'not set'). This would allow the webserver to treat a request with a stripped-off header differently (perhaps applying DNT? perhaps warning the user?) from a request that came from a browser that was known to not support the DNT feature. > > Similarly, if a response (either from a header or well-known URI) echoes-back the received DNT setting, then having "missing" distinct from "received as 'not set'" would allow the browser to detect that an intermediary (proxy, router, etc.) had stripped-off the user's DNT header, even in the case where it was not set. > > --Ronan Heffernan > I was just reacting to the phrased question and proposing tidy specs (where the default can also be explicitly stated), but Ronan's cases allow UAs to detect DNT-aware sites, and give much greater information. It permits "I see your decline-to-state, and my reaction is to track you" which I am sure will surprise lots of people :-). David Singer Multimedia and Software Standards, Apple Inc.
Received on Thursday, 10 November 2011 03:49:19 UTC