Interacting with Global Privacy Control

Server-side detection

A user agent's Global Privacy Control setting is attached to HTTP requests as the Sec-GPC request header. The header's value is "1" when the setting is enabled, and the header is not present otherwise. How you read it depends on the application back-end; the example code below is Node.js/Express.

// app is an Express application
app.get("/", function(req, res) {
  const gpcValue = req.header('Sec-GPC')
  if (gpcValue === "1") {
    // signal detected, do something
  }
  res.end()
})
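
The server-side check above as framework-free middleware, an added example that is not part of the original page. It also adds Sec-GPC to the Vary response header, which the page does not mention; the names gpcEnabled, gpcMiddleware, fakeResponse and demo are hypothetical, and the request and response objects are constructed stand-ins.

```javascript
// Added example (not from the original page). Framework-free so it runs
// under plain Node.js; gpcEnabled and gpcMiddleware are hypothetical names.

// Returns true only when the Sec-GPC request header carries the value "1".
// Node lowercases header names and may join repeated headers with ", ",
// so every comma-separated member is checked (assumption: any "1" counts).
function gpcEnabled(headers) {
  const raw = headers["sec-gpc"];
  if (raw === undefined) return false; // header absent: no signal
  const values = Array.isArray(raw) ? raw : String(raw).split(",");
  return values.some((v) => String(v).trim() === "1");
}

// Connect/Express-style middleware: records the signal on the request and
// adds Sec-GPC to Vary so a shared cache does not hand a response built for
// a client without the signal to a client that sent it.
function gpcMiddleware(req, res, next) {
  req.gpc = gpcEnabled(req.headers);
  const existing = res.getHeader("Vary");
  const fields = existing ? String(existing).split(",").map((f) => f.trim()) : [];
  if (!fields.includes("*") && !fields.some((f) => f.toLowerCase() === "sec-gpc")) {
    fields.push("Sec-GPC");
  }
  res.setHeader("Vary", fields.join(", "));
  next();
}

// Constructed stand-in for a Node response object, for offline runs.
function fakeResponse(initialVary) {
  const headers = {};
  if (initialVary) headers.vary = initialVary;
  return {
    getHeader: (name) => headers[name.toLowerCase()],
    setHeader: (name, value) => { headers[name.toLowerCase()] = value; },
  };
}

// Runs the middleware over constructed request headers; returns the outcome.
function demo(requestHeaders, initialVary) {
  const req = { headers: requestHeaders };
  const res = fakeResponse(initialVary);
  gpcMiddleware(req, res, () => {});
  return { gpc: req.gpc, vary: res.getHeader("Vary") };
}
```

In an Express application the middleware would be registered with app.use(gpcMiddleware) ahead of the route handlers, which can then read req.gpc.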

Client-side detection

The navigator.globalPrivacyControl property enables client-side script to determine a user agent's Global Privacy Control setting. This value mirrors the value sent in the Sec-GPC header: it will equal true if the Sec-GPC header sent is equal to "1", and false otherwise.

const gpcValue = navigator.globalPrivacyControl
if (gpcValue) {
  // signal detected, do something
}


Businesses may host a .well-known/gpc.json resource that indicates to clients how they respond to a Global Privacy Control signal. This is a JSON file hosted at the .well-known/gpc.json endpoint.
