DNT-aware JavaScript (ISSUE-84, ACTION-85)

Proposed non-normative text:

It is straightforward to make JavaScript aware of DNT status.  In the simplest case, a server can mirror the DNT HTTP header into JavaScript.  For example, in PHP:

<?php
header("Content-type: text/javascript");
if(array_key_exists("HTTP_DNT", $_SERVER))
	echo "var dnt = '';";
else
	echo "var dnt = '" . $_SERVER["HTTP_DNT"] . "';";
?>

This standard does not include a JavaScript API for DNT status.  A webpage may include scripts from multiple origins; a naive approach (e.g. window.dnt) would give an embedded script the DNT status for the webpage's origin, which may differ from the DNT status for the script's origin.  Providing a DNT status API that accounts for different-origin embedded scripts would introduce implementation challenges for browser developers and script authors and could be a source of fingerprinting information.  Moreover, the first load of a script requires an HTTP request; the server may need to examine the request's DNT header anyways to determine how it may log and use that request.

Received on Wednesday, 25 January 2012 14:06:44 UTC