Re: ACTION-114 ISSUE-107 : Revised response header.

Hi Sean,


thanks for reviewing the header proposal. I agree with Nick that this
should largely work:

1. The user browses SITE and sends whatever DNT value (or none) that
he prefers
2. The site discovers an opt-out cookie and interprets this as DNT;1
3. The site responds with a response header that signals its intended
usage
     (e.g., no tracking / third party)

However, I believe that obtaining headers may be more reliable than
using redundant information from cookies. Consider a case where:
 a) The user prefers DNT;1 and sends this header everywhere
       and has an opt-out cookie as well.
 b) The site only interprets the cookie (ignoring the header)
       and assumes DNT;0 if it receives no cookie
 c) The user deletes all cookies while continuing to send DNT;1

In this case, the site would assume DNT;0 while the user has sent DNT;1.

Note that this is not a problem of the response headers. It is rather
an issue of how to keep the DNT header info in sync with other opt-out
schemes. The challenge is to ensure that the cookies used by the site
are always in sync with the DNT header sent by the user.


Regards,
matthias




On 2/5/2012 11:15 PM, Sean Harvey wrote:
> The concern is that some systems may wish to respect a DNT header
> being on (in part) by setting an opt-out cookie. This opt-out cookie
> would mean that site-specific exemptions will be ignored and the user
> will be treated as DNT=on in all cases. This is practically easier in
> some cases, and we would want this to at least be an option for a
> server when faced with an array of DNT states. 
> 

Received on Monday, 6 February 2012 21:34:14 UTC
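
An added example, not part of the original message or of any site's code: it replays cases (a) and (c) against a cookie-only server as in (b), and against a resolver that reads the request header first and re-creates the opt-out cookie when it is missing. The cookie name "optout", its attributes, and the dict-of-headers request shape are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

OPT_OUT_COOKIE = "optout"  # hypothetical cookie name, not from the thread


def parse_cookies(headers):
    """Return {name: value} parsed from the request's Cookie header."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    return {name: morsel.value for name, morsel in jar.items()}


def cookie_only_state(headers):
    """Site from case (b): ignores the DNT header; no cookie means DNT 0."""
    return "1" if parse_cookies(headers).get(OPT_OUT_COOKIE) == "1" else "0"


def resolve(headers):
    """Header first, cookie as a cached copy of the preference.

    Returns (state, set_cookie): state is "1" or "0"; set_cookie is a
    Set-Cookie value that re-creates a missing opt-out cookie, or None.
    Header names are assumed to be normalised by the caller.
    """
    dnt = headers.get("DNT", "").strip()
    has_cookie = parse_cookies(headers).get(OPT_OUT_COOKIE) == "1"
    if dnt == "1":
        # Header says opt-out: bring the cookie back in sync if it is gone.
        resync = None if has_cookie else (
            f"{OPT_OUT_COOKIE}=1; Path=/; Max-Age=31536000")
        return "1", resync
    # No DNT 1 header: an existing opt-out cookie is still honoured (step 2).
    return ("1" if has_cookie else "0"), None


# Constructed requests for the cases in the message above.
REQ_A = {"DNT": "1", "Cookie": "session=abc; optout=1"}  # case (a)
REQ_C = {"DNT": "1"}  # case (c): cookies deleted, header still sent

if __name__ == "__main__":
    for label, req in (("a", REQ_A), ("c", REQ_C)):
        print(label, "cookie-only:", cookie_only_state(req),
              "header-first:", resolve(req))
```

For case (c) the cookie-only site reports "0" while the header-first resolver reports "1" and returns a Set-Cookie value that restores the opt-out cookie.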