Re: ACTION-114 ISSUE-107 : Revised response header.

On Feb 5, 2012, at 2:13 PM, Sean Harvey wrote:
> I've reviewed the revised response header extensively with my teams internally and it does indeed seem entirely manageable from the perspective of large servers as well as publisher operations teams, which is exciting.

Yay, that's awesome to hear. Thanks for doing the legwork to check with a large potential implementer.

> I do however want to mention one thing related to site-specific exemptions. I am not clear on this point, but want to make sure that adherence to site-specific exemptions by a server is optional. 
> In particular, I want to make sure that, given that the server should be able to understand what the user's default DNT value is regardless of whether or not a site-specific exemption is in effect. 
> The concern is that some systems may wish to respect a DNT header being on (in part) by setting an opt-out cookie. This opt-out cookie would mean that site-specific exemptions will be ignored and the user will be treated as DNT=on in all cases. This is practically easier in some cases, and we would want this to at least be an option for a server when faced with an array of DNT states. 
> In your view is this currently the case in the revised header spec, and does anyone have any objections to this? 

As I understand it, if a server wished to interpret an opt-out cookie as a Do Not Track preference, they could respond with a Tk:1 response header, even if the request itself didn't have a DNT header at all or had a DNT:0 value.

In particular, from Tom's most recent draft (and I believe this corresponds to an issue that we've resolved):
"If a server receives a request without a DNT header, the response to that request MAY include a DNT-response header."

I'm not entirely sure what that has to do with site-specific exemptions or the "default DNT value" though.

Hope this helps,

Received on Monday, 6 February 2012 01:23:22 UTC