- From: Tom Lowenthal <tom@mozilla.com>
- Date: Wed, 25 Jan 2012 17:11:55 +0100
- To: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <4F2029CB.7080905@mozilla.com>
ACTION-90 ACTION-87 ISSUE-48 ISSUE-76 ISSUE-90 ISSUE-105 ISSUE-106 ISSUE-107

Behold, the bikeshed has been re-painted.

---

Non-normative Discussion
------------------------

This response header has the following features:

- Servers state whether they think that they are a first or third party.
- Servers may state that they think that a user has explicitly opted back in to data collection by that site (not cacheable).
- There is a response for cacheable, static, or otherwise not-relevant-to-tracking objects.

Everything fits within two characters: one for status and one for explanations. With the exception of "you have opted in", almost any logical server should only ever exist in one of these states, so dynamic generation is not needed. The user also has a way to query a server to discover that server's tracking policies, without that request causing tracking.

Normative Text
--------------

If a server receives a request with a DNT header, the response to that request MUST include a DNT-response header. If a server receives a request without a DNT header, the response to that request MAY include a DNT-response header. If sent, a DNT-response header MUST be accurate.

The DNT-response header is as follows:

> DNT-Response = "Tk:" [CFWS] DNT-Status [CFWS] [ reason-code ]
> DNT-Status = no-dnt / full-dnt-1 / full-dnt-3 / except-dnt-1 / except-dnt-3 / opt-dnt-1 / opt-dnt-3 / dnt-cached
> no-dnt = 0
> not-tracking = 1
> static-untracked = u
> first-party = f
> third-party = 3
> service-provider = s
> first-party-opt = c
> third-part-opt = p
> reason-code: 1*alphanum
> alphanum = ALPHA / DIGIT

If a reason code is specified, an *explanation* MUST exist at /.well-known/dnt?r=reason-code . Whether or not a reason code is specified, a *general policy* regarding Do Not Track SHOULD exist at /.well-known/dnt . The structure and requirements for *explanations* and *general-policies* are described in section $FIXME of this document.

*no-dnt* indicates that this party does not comply with [Tracking Definitions and Compliance](). Servers MUST NOT use this response.

*not-tracking* indicates that:

- this party complies with [Tracking Definitions and Compliance](),
- does not engage in tracking, and
- that any information gathered by the party as a result of this request will be treated as if this party is a third party.

*static-untracked* indicates that:

- this is a resource -- such as a cached resource -- on which tracking does not occur, and
- that any information gathered by the party through requests to this resource will be treated as if the server is a third party.

*first-party* indicates that:

- this party complies with [Tracking Definitions and Compliance]() and
- believes it is acting as a first party in responding to this request.

*third-party* indicates that:

- this party complies with [Tracking Definitions and Compliance]() and
- believes it is acting as a third party in responding to this request.

*service-provider* indicates that:

- this party complies with [Tracking Definitions and Compliance]() and
- believes it is acting as an outsourced third party service provider under section [3.6.1.2]() of [Tracking Definitions and Compliance]().

*first-party-opt* indicates that:

- this party complies with [Tracking Definitions and Compliance](),
- believes it is acting as a first party in responding to this request,
- believes that the user has affirmatively consented to allow this site additional permission to track them, and
- the appropriate *explanation* describes these additional permissions and allows the user to revoke or modify them.

All responses with this state must be marked as uncacheable.

*third-part-opt* indicates that:

- this party complies with [Tracking Definitions and Compliance](),
- believes it is acting as a first party in responding to this request,
- believes that the user has affirmatively consented to allow this site additional permission to track them, and
- the appropriate *explanation* describes these additional permissions and allows the user to revoke or modify them.

All responses with this state must be marked as uncacheable.

Received on Wednesday, 25 January 2012 16:12:44 UTC
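
An added example, not part of the original message: a client-side audit of one response against the normative text above (header presence when DNT was sent, the one-character status, the optional reason code and its explanation URL, and the uncacheable rule for the two opt states). The function name `audit_tk`, the `example.com` origin, treating CFWS as plain whitespace, and reading "uncacheable" as `Cache-Control: no-store` or `no-cache` are assumptions.

```python
import re
from urllib.parse import urljoin

# Status characters as defined in the proposal's ABNF.
STATUS = {
    "0": "no-dnt", "1": "not-tracking", "u": "static-untracked",
    "f": "first-party", "3": "third-party", "s": "service-provider",
    "c": "first-party-opt", "p": "third-part-opt",
}
OPT_STATES = {"first-party-opt", "third-part-opt"}
# Assumption: CFWS is reduced to plain whitespace (no RFC 5322 comments).
TK_VALUE = re.compile(r"^[ \t]*([A-Za-z0-9])[ \t]*([A-Za-z0-9]*)[ \t]*$")


def audit_tk(origin, request_headers, response_headers):
    """Return (status_name, explanation_url, findings) for one response."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    findings = []
    if "tk" not in resp:
        # A Tk header is only mandatory when the request carried DNT.
        if "dnt" in req:
            findings.append("request carried DNT but response has no Tk header")
        return None, None, findings
    m = TK_VALUE.match(resp["tk"])
    if not m or m.group(1) not in STATUS:
        findings.append("malformed Tk value: %r" % resp["tk"])
        return None, None, findings
    status, reason = STATUS[m.group(1)], m.group(2)
    if status == "no-dnt":
        findings.append("no-dnt: servers MUST NOT use this response")
    # Assumption: "uncacheable" means Cache-Control carries no-store or no-cache.
    cc = resp.get("cache-control", "").lower()
    if status in OPT_STATES and not re.search(r"\bno-(store|cache)\b", cc):
        findings.append(status + " response is not marked uncacheable")
    # A reason code implies an explanation at /.well-known/dnt?r=reason-code.
    url = urljoin(origin, "/.well-known/dnt?r=" + reason) if reason else None
    return status, url, findings


if __name__ == "__main__":
    # Constructed sample responses (not captured traffic).
    samples = [{"Tk": "f"}, {"Tk": "c2", "Cache-Control": "max-age=3600"}, {}]
    for hdrs in samples:
        print(audit_tk("https://example.com", {"DNT": "1"}, hdrs))
```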