Hi, On Tue, Apr 14, 2026 at 08:11:14AM +0000, a1ex@dismail.de wrote:
Hi Rodrigo,
Rodrigo Arias <rodarima@gmail.com> wrote:
The 'Do Not Track' header has been abandoned by W3C and most major browsers. Very few advertising companies actually supported DNT.
Yes, that was the case already when it was merged in 2013, but there was the idea that it won't cause harm:
commit b2be12828a20c54b325a4f31ca62959ea12f642b Author: corvid <corvid@dillo.org> Date: Sun Sep 15 18:48:13 2013 +0000
DNT will at least do no harm
The whole situation is a manifestation of corporate rule, but - it seems that the EU has some data protection laws that could make it worth something in principle there. - some large corporations have been shamed into claiming that they will do a tiny bit of something based on the header value.
At this point I don't think it's reasonable to expect that any corporation will honor it "out of the goodness of their hearts".
The industry has moved on to Sec-GPC, which appears to at least have some legal backing to it. Maybe it makes more sense to simply change the DNT header to Sec-GPC?
I think sending the Sec-GPC header by default may be good idea. I suggest adding these two options to control the headers (NO = no header is sent): http_dnt=YES http_sec_gpc=YES However, I don't want to introduce any new features or changes in the HTTP headers for this release as we are already closing the 3.3.0. I reached out to the EFF to ask if they still recommend the DNT header, and see if they can provide more data or details as to why. If there is enough evidence that we should not send DNT, then I don't have any opposition to remove it by default. But I would like to keep it as an option for those users that still want to enable it. Best, Rodrigo.