Re: XHR's setRequestHeader and the Do Not Track (DNT) header

On Tue, May 8, 2012 at 9:34 PM, Ian Melven <> wrote:
> i'd like to propose that the Do Not Track header (see "DNT"
> be added to the list of request headers not allowed to be set via XHR's setRequestHeader method (see


> there is an additional question of whether a user's Do Not Track setting in the user agent should
> also be added to requests made by XHR - the DNT spec says "A user agent must send the DNT header field on all
> HTTP requests if (and only if) a tracking preference is enabled" which would seem to include XHR...

Unless specified otherwise XMLHttpRequest follows the requirements
from and on HTTP so I don't think anything needs changing here.

Per Adam's comment I have not removed the "Sec-" handling.

Anne — Opera Software

Received on Monday, 14 May 2012 14:53:06 UTC