Why can't we use a HTTP request header to get rid of all cookie consent popups?
It would be hugely better to simply set some setting in your browser that would send a request header to every web site you visit that contains your GDPR preferences. Then every site would have to comply with this by default.
This could be a general purpose header that could send various user preferences, for example it could also tell the website the end user is a child under 13 years of age so the site wouldn't collect certain stats automatically to comply with US Coppa law.
To me this is an obvious solution that would be a lot easier to implement than all those GDPR popups and it would result in a much better usage. What do people think? Should HTTP standard be updated with such header? Or are there any disadvantages of this approach I'm not thinking about?
6 comments
[ 2.8 ms ] story [ 36.0 ms ] threadThe laws require that sites notify you specifically about how they each use cookies which varies hugely from site to site.. accepting a universal approval wouldn't allow such specialized notification on a site by site basis.
Also, many people (including me) would probably set their browsers to equivalent of answering "no" to current tracking questions so the notifications wouldn't be required if I understand the law correctly.
The GDPR mandates that consent should be opt-in (tracking can only begin when the user says yes) and consent should be given freely so the user should not be inconvenienced if they refuse.
However regarding your idea, it's already been tried with the Do Not Track header - the ad-tech scum ended up using it as an extra data point for browser fingerprinting, which meant that opting out of tracking actually made tracking you even easier.