Interacting with Global Privacy Control

Server-side detection

A user agent's Global Privacy Control setting is attached to HTTP requests as the Sec-GPC request header. This header's value will be "1" if enabled, and not present otherwise. Interacting with this will vary depending on the application back-end. Example code is Node.js/Express.

Header not present

            
app.get("/", function(req, res) {
  const gpcValue = req.header('Sec-GPC')
  if (gpcValue === "1") {
    // signal detected, do something
  }
})

Client-side detection

The navigator.globalPrivacyControl property enables client-side script to determine a user agent's Global Privacy Control setting. This value mirrors the value sent in the Sec-GPC header: it will equal true if the Sec-GPC header sent is equal to "1", and false otherwise.

            
const gpcValue = navigator.globalPrivacyControl
if (gpcValue) {
  // signal detected, do something
}

.well-known

Businesses may host a .well-known/gpc.json resource that indicates to clients how they respond to a Global Privacy Control signal. This is a JSON file hosted at the .well-known/gpc.json endpoint.

Interacting with Global Privacy Control

Server-side detection

Header not present

Client-side detection

DOM signal present
`navigator.globalPrivacyControl:`
DOM signal not present

.well-known

`.well-known/gpc.json` present `.well-known/gpc.json` not present

Interacting with Global Privacy Control

Server-side detection

Header not present

Client-side detection

DOM signal present navigator.globalPrivacyControl: DOM signal not present

.well-known

.well-known/gpc.json present .well-known/gpc.json not present

DOM signal present
`navigator.globalPrivacyControl:`
DOM signal not present

`.well-known/gpc.json` present `.well-known/gpc.json` not present