Re: Revised Response Header

Oh, and a separate point.

It's by no means clear to me why the *site* should be giving a reason code.  We don't allow anyone to invent exceptions on the outside, do we?  So the exceptions  can all have reason codes in *our* specification, and indeed we can promise that the single-letter anchors will always index into the spec. to explain a reason-code.

So, http://www.w3.org/<where it is>/tpe.html#3

will explain what reason 3 is, to anyone who cares.


On Jan 25, 2012, at 17:11 , Tom Lowenthal wrote:

> ACTION-90 ACTION-87
> ISSUE-48 ISSUE-76 ISSUE-90 ISSUE-105 ISSUE-106 ISSUE-107
> 
> Behold, the bikeshed has been re-painted.
> 
>   ---
> 
> Non-normative Discussion
> ------------------------
> 
> This response header has the following features:
> 
> - Servers state whether they think that they are a first or third party.
> - Servers may state that they think that a user has explicitly opted
> back in to data collection by that site (not catchable).
> - There is a response for catchable, static, or otherwise
> not-relevant-to-tracking objects.
> 
> Everything fits within two characters: one for status and one for
> explanations. With the exception of "you have opted in" almost any
> logical server should only ever exist in one of these states, so dynamic
> generation is not needed. The user also has a way to query a server to
> discover that server's tracking policies, without that request causing
> tracking.
> 
> 
> Normative Text
> --------------
> 
> If a server receives a request with a DNT header, the response to that
> request MUST include a DNT-response header. If a server receives a
> request without a DNT header, the response to that request MAY include a
> DNT-response header. If sent, a DNT-response header MUST be accurate.
> The DNT-response header is as follows:
> 
>> DNT-Response = "Tk:" [CFWS] DNT-Status [CFWS] [ reason-code ]
>> DNT-Status = no-dnt / full-dnt-1 / full-dnt-3 / except-dnt-1 /
> except-dnt-3 / opt-dnt-1 / opt-dnt-3 / dnt-cached
>> no-dnt = 0
>> not-tracking = 1
>> static-untracked = u
>> first-party = f
>> third-party = 3
>> service-provider = s
>> first-party-opt = c
>> third-part-opt = p
>> reason-code: 1*alphanum
>> alphanum = ALPHA / DIGIT
> 
> If a reason code is specified, an *explanation* MUST exist at
> /.well-known/dnt?r=reason-code . Whether or not a reason code is
> specified, a *general policy* regarding Do Not Track SHOULD exist at
> /.well-known/dnt . The structure and requirements for *explanations* and
> *general-policies* is described in section $FIXME of this document.
> 
> *no-dnt* indicates that this party does not comply with [Tracking
> Definitions and Compliance](). Servers MUST NOT use this response.
> 
> *not-tracking* indicates that:
> - this party complies with [Tracking Definitions and Compliance](),
> - does not engage in tracking, and
> - that any information gathered by the party as a result of this request
> will be treated as if this party is a third party.
> 
> *static-untracked* indicates that:
> - this a resource -- such as a cached resource -- on which tracking does
> not occur, and
> - that any information gathered by the party through requests to this
> resource will be treated as if the server is a third party.
> 
> *first-party* indicates that:
> - this party complies with [Tracking Definitions and Compliance]() and
> - believes it is acting as a first party in responding to this request.
> 
> *third-party* indicates that:
> - this party complies with [Tracking Definitions and Compliance]() and
> - believes it is acting as a third party in responding to this request.
> 
> *service-provider* indicates that:
> - this party complies with [Tracking Definitions and Compliance]() and
> - believes it is acting as an outsourced third party service provider
> under section [3.6.1.2]() of [Tracking Definitions and Compliance]().
> 
> *first-party-opt* indicates that:
> - this party complies with [Tracking Definitions and Compliance](),
> - believes it is acting as a first party in responding to this request,
> - believes that the user has affirmatively consented to allow this site
> additional permission to track them, and
> - the appropriate *explanation* describes these additional permissions
> and allows the user to revoke or modify them.
> All responses with this state must be marked as uncacheable.
> 
> *third-part-opt* indicates that:
> - this party complies with [Tracking Definitions and Compliance](),
> - believes it is acting as a first party in responding to this request,
> - believes that the user has affirmatively consented to allow this site
> additional permission to track them, and
> - the appropriate *explanation* describes these additional permissions
> and allows the user to revoke or modify them.
> All responses with this state must be marked as uncacheable.
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 25 January 2012 17:49:41 UTC