Re: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)]

Colleagues,
Agree that if no request header was received site  MAY send a response.

Agree that if request header is DNT=1, then a site MUST send a response header to be compliant.

Best,
John

On Dec 20, 2011, at 12:07 PM, Matthias Schunter wrote:

> Hi!
> 
> 
> Summarizing the mails:
>  If _no request header was received_, we agree that in general
>    "MAY send response header" and neither "MUST" nor "SHOULD".
> 
> If this is a common agreement, it settles ISSUE-105!
> 
> More discussions:
> 
> If a request header was received that says DNT=1, then a site MUST
> send a response header (otherwise the user agent cannot validate
> compliance).
> 
> If a request header with DNT=0 was received, the server may indicating
> that it understood and supports DNT by sending a response. This is
> ISSUE-78.
> 
> I actually think that making "the entire existing internet
> non-compliant in a single foop" can be avoided: If I send DNT=1 and a
> server does not respond with any DNT-related info, then a user cannot
> tell whether his preference is followed.  Therefore, I would call this
> site non-compliant.
> 
> 
> Regards,
> matthias
> 
> 
> On 12/20/2011 7:07 PM, David Singer wrote:
>> 
>> On Dec 19, 2011, at 17:26 , Shane Wiley wrote:
>> 
>>> I agree with JC as we'll have publishers/web servers that will take time to upgrade to DNT support once the standard is out.  It'll take several years (if not longer if you look at the IE6 deprecation timeline) for all servers to get to a point where they can provide DNT Response Headers.  
>> 
>> well, that's a different question (if you get a request, is a response required?).  (the answer is no, we can't, or we make the entire existing internet non-compliant in a single foop).
>> 
>> this is the opposite; can you (must you?) send a response WITHOUT a request.  I'm pretty clear that responses without a request should be allowed.  I cannot for the life of me imagine how we would think that they are mandatory, even for sites that track.
>> 
>>> I would assume if a server does not provide a response header it does not support DNT (either technical or by policy).
>>> 
>>> - Shane
>>> 
>>> -----Original Message-----
>>> From: JC Cannon [mailto:jccannon@microsoft.com] 
>>> Sent: Monday, December 19, 2011 6:22 PM
>>> To: David Singer; Tracking Protection Working Group WG
>>> Subject: RE: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)]
>>> 
>>> I expect that the guidance will be "MAY send response header" vs. "MUST" or "SHOULD".
>>> 
>>> JC
>>> 
>>> -----Original Message-----
>>> From: David Singer [mailto:singer@apple.com] 
>>> Sent: Monday, December 19, 2011 12:18 PM
>>> To: Tracking Protection Working Group WG
>>> Subject: Re: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)]
>>> 
>>> I hope so.  Simple sites that do no tracking should be allowed to configure a static 'response' header, saying so, into their config files.
>>> 
>>> 
>>> On Dec 19, 2011, at 9:35 , Tracking Protection Working Group Issue Tracker wrote:
>>> 
>>>> 
>>>> tracking-ISSUE-105: Response header without request header?  [Tracking Preference Expression (DNT)]
>>>> 
>>>> http://www.w3.org/2011/tracking-protection/track/issues/105
>>>> 
>>>> Raised by: Matthias Schunter
>>>> On product: Tracking Preference Expression (DNT)
>>>> 
>>>> Should a site be required to send a response header even if no request header was received?
>>>> 
>>>> [Spawned off ISSUE-51 during 2011-11-30 Telco]
>>>> 
>>>> 
>>>> 
>>> 
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
>> 
>> 
> 

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org