Re: Multiple DNT Headers (ACTION-283, ISSUE-150)

I would say the effect of changing mid-session on a long-lived session
would be rather undefined.

Imagine you load a webpage that loads a social widget. This social widget
has a web-wide exception. It loads all of its application code, and every
minute polls its backend (via XHR, for instance) to see if there's anything
interesting to show. A half hour later, the user somehow revokes the DNT
exception for this widget. The widget is already loaded and is still
polling (the user left the tab open with the widget on it), and seeing
DNT:0 on the initial request the server sent the version of the widget that
does "tracking" (whatever that means, given we haven't defined it...). Now,
on one of the update calls, that update call gets sent with DNT:1 because
the user has changed their settings. The widget is already loaded though,
it's not pulling updated application code, just data. Any requests this
widget makes now would get sent with DNT:1 but the widget was loaded with
DNT:0 and may have made perfectly valid assumptions based on that. I would
say it would be an unrealistic expectation that DNT:0->1 would kick in
until the next navigation (that destroys whatever widgets are currently
loaded), as opposed to the next request made by an already loaded
widget/piece of content/.... user closes the tab, sure the next time they
browse to a page with the widget it will get sent dnt:1 and have to deal
with that, but to expect that already loaded content is going to change in
response to the user changing their browser settings is a very high bar.


On Fri, Oct 12, 2012 at 1:55 PM, Shane Wiley <> wrote:

> Walter,
> As the DNT signal is sent with each header a user can change their mind
> between pages (intra-session).  This issue is focused on a single page
> request header carrying 2 or more conflicting DNT signals.
> Sent from Shane's mobile
> On Oct 12, 2012, at 1:13 PM, "Walter van Holst" <
>> wrote:
> > On 10/12/12 10:03 PM, Adrian Bateman wrote:
> >> This subject has nothing to do with Internet Explorer. The question is
> >> what happens if a broken user agent sends multiple DNT headers, which
> >> violates the definition of the DNT header (which MUST only appear once).
> >> Options include a) assume DNT:1; b) assume DNT:0; c) ignore all the
> >> headers; d) if the multiple headers all have the same value use that
> >> value otherwise one of the previous options; etc.
> >
> > Do I understand you correctly that this would mean that the user cannot
> > change his or her mind mid-session?
> >
> > Regards,
> >
> > Walter
> >
> >

Received on Friday, 12 October 2012 21:08:07 UTC