A user agent's Global Privacy Control setting is attached to HTTP requests as the
Sec-GPC
request header. This header's value will be "1"
if enabled, and not present otherwise. Interacting with this will vary depending
on the application back-end. Example code is Node.js/Express.
app.get("/", function(req, res) {
const gpcValue = req.header('Sec-GPC')
if (gpcValue === "1") {
// signal detected, do something
}
})
The navigator.globalPrivacyControl
property enables client-side script to determine
a user agent's Global Privacy Control setting. This value mirrors the value sent in the
Sec-GPC
header: it will equal true
if the Sec-GPC
header sent
is equal to "1"
, and false
otherwise.
navigator.globalPrivacyControl:
const gpcValue = navigator.globalPrivacyControl
if (gpcValue) {
// signal detected, do something
}
Businesses may host a .well-known/gpc.json
resource that indicates to clients how
they respond to a Global Privacy Control signal. This is a JSON file hosted at the
.well-known/gpc.json
endpoint.
.well-known/gpc.json
present
.well-known/gpc.json
not present