- From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
- Date: Mon, 16 Jan 2012 17:47:40 +0100
- To: (unknown charset) public-tracking@w3.org
Hi! I now reviewed all responses to ISSUE-105 and drafted some text: "If a server has received a http request that does not contain a DNT request header field, then the site MAY include a response header field into the corresponding response." I hope this settles ISSUE-105. I'll change ISSUE-105 to pending review. The other cases (response to DNT;1 or DNT;0) will be handled elsewhere. Comments are welcome! Regards, matthias On 12/21/2011 9:21 AM, Matthias Schunter wrote: > Yes - you are right. > > matthias > > > On 12/20/2011 9:57 PM, Kevin Smith wrote: >>> If a request header was received that says DNT=1, then a site MUST send a response header (otherwise the user agent cannot validate compliance). >> >> We say this a lot. Remember, the user agent can never validate compliance - in any circumstance. All it can do is validate that the server *claims* to be compliant. I think that is an important distinction. If I remember right, this was one reason that some were arguing in favor of a document at a well-known location, because then a service can state its intent to be compliant once instead of over and over. >> >> -----Original Message----- >> From: Matthias Schunter [mailto:mts@zurich.ibm.com] >> Sent: Tuesday, December 20, 2011 1:07 PM >> To: public-tracking@w3.org >> Subject: Re: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)] >> >> Hi! >> >> >> Summarizing the mails: >> If _no request header was received_, we agree that in general >> "MAY send response header" and neither "MUST" nor "SHOULD". >> >> If this is a common agreement, it settles ISSUE-105! >> >> More discussions: >> >> If a request header was received that says DNT=1, then a site MUST send a response header (otherwise the user agent cannot validate compliance). >> >> If a request header with DNT=0 was received, the server may indicating that it understood and supports DNT by sending a response. This is ISSUE-78. >> >> I actually think that making "the entire existing internet non-compliant in a single foop" can be avoided: If I send DNT=1 and a server does not respond with any DNT-related info, then a user cannot tell whether his preference is followed. Therefore, I would call this site non-compliant. >> >> >> Regards, >> matthias >> >> >> On 12/20/2011 7:07 PM, David Singer wrote: >>> >>> On Dec 19, 2011, at 17:26 , Shane Wiley wrote: >>> >>>> I agree with JC as we'll have publishers/web servers that will take time to upgrade to DNT support once the standard is out. It'll take several years (if not longer if you look at the IE6 deprecation timeline) for all servers to get to a point where they can provide DNT Response Headers. >>> >>> well, that's a different question (if you get a request, is a response required?). (the answer is no, we can't, or we make the entire existing internet non-compliant in a single foop). >>> >>> this is the opposite; can you (must you?) send a response WITHOUT a request. I'm pretty clear that responses without a request should be allowed. I cannot for the life of me imagine how we would think that they are mandatory, even for sites that track. >>> >>>> I would assume if a server does not provide a response header it does not support DNT (either technical or by policy). >>>> >>>> - Shane >>>> >>>> -----Original Message----- >>>> From: JC Cannon [mailto:jccannon@microsoft.com] >>>> Sent: Monday, December 19, 2011 6:22 PM >>>> To: David Singer; Tracking Protection Working Group WG >>>> Subject: RE: tracking-ISSUE-105: Response header without request >>>> header? [Tracking Preference Expression (DNT)] >>>> >>>> I expect that the guidance will be "MAY send response header" vs. "MUST" or "SHOULD". >>>> >>>> JC >>>> >>>> -----Original Message----- >>>> From: David Singer [mailto:singer@apple.com] >>>> Sent: Monday, December 19, 2011 12:18 PM >>>> To: Tracking Protection Working Group WG >>>> Subject: Re: tracking-ISSUE-105: Response header without request >>>> header? [Tracking Preference Expression (DNT)] >>>> >>>> I hope so. Simple sites that do no tracking should be allowed to configure a static 'response' header, saying so, into their config files. >>>> >>>> >>>> On Dec 19, 2011, at 9:35 , Tracking Protection Working Group Issue Tracker wrote: >>>> >>>>> >>>>> tracking-ISSUE-105: Response header without request header? >>>>> [Tracking Preference Expression (DNT)] >>>>> >>>>> http://www.w3.org/2011/tracking-protection/track/issues/105 >>>>> >>>>> Raised by: Matthias Schunter >>>>> On product: Tracking Preference Expression (DNT) >>>>> >>>>> Should a site be required to send a response header even if no request header was received? >>>>> >>>>> [Spawned off ISSUE-51 during 2011-11-30 Telco] >>>>> >>>>> >>>>> >>>> >>>> David Singer >>>> Multimedia and Software Standards, Apple Inc. >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> David Singer >>> Multimedia and Software Standards, Apple Inc. >>> >>> >>> >>> >> >> >> >> >> >> > > > >
Received on Monday, 16 January 2012 16:48:22 UTC