W3C home > Mailing lists > Public > public-tracking@w3.org > January 2012

DNT-aware JavaScript (ISSUE-84, ACTION-85)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Wed, 25 Jan 2012 15:05:56 +0100
Message-Id: <30C63224-7296-486D-8327-28AC8823E12A@stanford.edu>
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Proposed non-normative text:

It is straightforward to make JavaScript aware of DNT status.  In the simplest case, a server can mirror the DNT HTTP header into JavaScript.  For example, in PHP:

<?php
header("Content-type: text/javascript");
if(array_key_exists("HTTP_DNT", $_SERVER))
	echo "var dnt = '';";
else
	echo "var dnt = '" . $_SERVER["HTTP_DNT"] . "';";
?>

This standard does not include a JavaScript API for DNT status.  A webpage may include scripts from multiple origins; a naive approach (e.g. window.dnt) would give an embedded script the DNT status for the webpage's origin, which may differ from the DNT status for the script's origin.  Providing a DNT status API that accounts for different-origin embedded scripts would introduce implementation challenges for browser developers and script authors and could be a source of fingerprinting information.  Moreover, the first load of a script requires an HTTP request; the server may need to examine the request's DNT header anyways to determine how it may log and use that request.
Received on Wednesday, 25 January 2012 14:06:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:30 UTC