- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Wed, 25 Jan 2012 15:05:56 +0100
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Proposed non-normative text: It is straightforward to make JavaScript aware of DNT status. In the simplest case, a server can mirror the DNT HTTP header into JavaScript. For example, in PHP: <?php header("Content-type: text/javascript"); if(array_key_exists("HTTP_DNT", $_SERVER)) echo "var dnt = '';"; else echo "var dnt = '" . $_SERVER["HTTP_DNT"] . "';"; ?> This standard does not include a JavaScript API for DNT status. A webpage may include scripts from multiple origins; a naive approach (e.g. window.dnt) would give an embedded script the DNT status for the webpage's origin, which may differ from the DNT status for the script's origin. Providing a DNT status API that accounts for different-origin embedded scripts would introduce implementation challenges for browser developers and script authors and could be a source of fingerprinting information. Moreover, the first load of a script requires an HTTP request; the server may need to examine the request's DNT header anyways to determine how it may log and use that request.
Received on Wednesday, 25 January 2012 14:06:44 UTC