Monday, January 31, 2011

Try out the "Do Not Track" HTTP header

Last week, I blogged about some of the work we're doing at Mozilla to help people better control how they're tracked as they browse the web. The basic idea was to give people a universal "opt out" of tracking for behavioral advertising. A Firefox user will be able to check a box in the preferences dialog and then a HTTP header would be sent with all HTTP requests so all servers know the user wants to opt out.

Well, I'm excited to report that we've landed the first iteration of this feature into Firefox nightly builds (the pre-beta builds that are rough around the edges)! If you'd like to try out the feature, grab a nightly build; I must warn you though, these nightlies are not as stable as the beta releases.

In the build, to enable the feature, open the preferences pane and select the advanced tab. Tick the box that says "Tell sites I do not want to be tracked" and start browsing.




Every connection your browser makes to download content will send a signal that says "don't track me." Literally, it looks like this to servers:
DNT: 1
Note: this is different from the initial experiment that used "X-Do-Not-Track" and my original post last week that said "Tracking-Preference: do-not-track"; it's both shorter and very precise. The researchers at donottrack.us are also recommending this syntax.

I encourage you to try out the test builds, or if you'd like to wait for a more stable version, wait for an upcoming beta release with the feature in it. We do not anticipate that sites are looking for the signal yet, so you probably won't notice a difference as you browse the web. I'm hoping to have a demo site available shortly that will give you an example of what types of changes you might see using this feature -- and when I do, I'll post a link here.

7 comments:

  1. Just one question: Do web servers understand and response this header?

    ReplyDelete
  2. Is the space in "DNT: 1" necessary? If not, you might as well use "DNT:1" and save another byte.

    ReplyDelete
  3. BrowserSpy now also supports the Do Not Track header.

    Check if your browser sends the Do Not Track header here:
    http://browserspy.dk/donottrack.php

    ReplyDelete
  4. I ticked the check box,

    Thanks
    G.S.SRINATHA

    ReplyDelete
  5. Having "DNT: 1" in the request header is great for serverside discovery of user tracking preference, but there's a lot of javascript-based "stuff" out there that includes 3rd party tracking (e.g. sharing widgets).

    Is there a (read-only) javascript property that could be read (e.g. window.DNT) to avoid having to do rely on a server reading the header?

    ReplyDelete
  6. Thank you! I didn't know they had started doing this.

    ReplyDelete
  7. Aidan Whitehall7/17/11, 1:43 AM

    Where as Do-Not-Track is comprehensible without prior knowlege or further investigation, DNT is not.

    And when another header that abbreviates to "DNT" is required, then we'll end up with two similar abbreviations that are sometimes confused.

    Hey, let's abbreviate EVERYTHING, save a few bits of bandwidth and make computing utterly impenetrable.

    Yeah, great idea. ("Not!", added for the benefit of Americans.)

    ReplyDelete