- From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
- Date: Mon, 06 Feb 2012 22:28:39 +0100
- To: (unknown charset) public-tracking@w3.org
Hi Sean, thanks for reviewing the header proposal. I agree with Nick that this should largely work: 1. The user browses SITE and sends whatever DNT value (or none) that he prefers 2. The site discovers an opt-out cookie and interprets this as DNT;1 3. The site responds with a response header that signals its intended usage (e.g., no tracking / third party) However, I believe that obtaining headers may be more reliable than using redundant information from cookies. Consider a case where: a) The user prefers DNT;1 and sends this header everywhere and has an opt-out cookie as well. b) The site only interprets the cookie (ignoring the header) and assumes DNT;0 if it receives no cookie c) the user deletes all cookies while continuing to send DNT;1 In this case, the site would assume DNT;0 while the user has sent DNT;1. Note that this is not a problem of the response headers. It is rather an issue how to keep the DNT header info in sync with other opt-out schemes. The challenge is to ensure that the cookies used by the site are always in sync with the DNT header sent by the user. Regards, matthias On 2/5/2012 11:15 PM, Sean Harvey wrote: > The concern is that some systems may wish to respect a DNT header > being on (in part) by setting an opt-out cookie. This opt-out cookie > would mean that site-specific exemptions will be ignored and the user > will be treated as DNT=on in all cases. This is practically easier in > some cases, and we would want this to at least be an option for a > server when faced with an array of DNT states. >
Received on Monday, 6 February 2012 21:34:14 UTC