Hi Rodrigo, Rodrigo Arias <rodarima@gmail.com> wrote:
I think sending the Sec-GPC header by default may be good idea. I suggest adding these two options to control the headers (NO = no header is sent):
http_dnt=YES http_sec_gpc=YES
However, I don't want to introduce any new features or changes in the HTTP headers for this release as we are already closing the 3.3.0.
Sounds reasonable, I agree that allowing the user to control these settings is the right way to go. There was a timely article just yesterday which claims that big-tech is outright ignoring GPC signals: https://www.404media.co/google-microsoft-meta-all-tracking-you-even-when-you... Even though some fines have already been issued based on GPC, they seem too small to be a real deterrent, and it just amounts to the 'cost of doing business' for these large corporations. It appears that often they don't even bother to pay the fines, and just tie up the courts for years: https://www.irishtimes.com/business/2026/01/12/data-protection-commission-ow... So, this will remain an uphill battle, and just sending anti-tracking signals will never be a replacement for aggressive privacy-preserving tactics. Thankfully Dillo has one of the best privacy-preserving features available: no javascript! Rembember people, this is a feature, not a bug! Regards, Alex