response headers and caching etc.

It's been rightly pointed out that requiring a response header that is transaction-specific on resources which, in the normal way of things, would be cache-able, is a mistake.  It makes them non-cacheable.

We've also said that it would be OK ('may') to send a DNT response when there was not a DNT request header;  this allows sites to say "I don't do tracking" statically, for example.

I think we may need a response value that says "the URL and the resource behind it are not tracked".  It's possible we can write 'rules' that say "the response header may be missing and should be assumed to be XXXX under the following conditions (notably, cache-able resources)" but it may be cleaner to have
DNT:1 - this resource is being used to track you
DNT:0 - this resource could have been used to track you, but as per your request, it is not in this case
DNT:X - this resource is not used for tracking ever

Under these circumstances, UAs issuing a DNT:1 request would expect to see a response of some sort from everyone.

Thoughts?


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 17 January 2012 19:53:43 UTC