The World Wide Web consists of billions of resources interconnected through the use of hypertext. Hypertext provides a simple, page-oriented view of the information provided by those resources, which can be traversed by selecting links, manipulating controls, and supplying data via forms and search dialogs.
Web site owners often collect data regarding usage of their sites, for a variety of purposes, including what led a user to visit the site ( referrals ), how effective the user experience is within the site ( web analytics ), and the nature of who is using the site ( audience segmentation ). In some cases, the data collected is used to dynamically adapt content ( personalization ) or advertising presented to the user ( targeted advertising ). Data collection often occurs through insertion of embedded elements on each page, resulting in a stream of data that connects a user's activity across multiple pages. A survey of these techniques and their privacy implications can be found in [[KnowPrivacy]].
Users need a mechanism to express their own preferences regarding tracking that is both simple to configure and efficient when implemented. However, merely expressing a preference does not imply that all recipients will comply. In some cases, a server might be dependent on some forms of tracking and unwilling or unable to turn that off. In other cases, a server might perform only limited forms of tracking that would be acceptable to most users. Therefore, servers need mechanisms for communicating their own tracking behavior, requesting an exception to a user's general preference, and storing such a user-granted exception after the user has made an informed choice.
This specification does not define requirements on what a recipient needs to do to comply with a user's expressed tracking preference, except for the means by which such compliance is communicated. Instead, the tracking status provides the ability to identify a set of compliance regimes to which the server claims to comply, with the assumption being that each regime defines its own requirements on compliant behavior. For example, [[TCS]] is a work-in-progress that intends to define such a compliance regime.
Tracking is the collection of data regarding a particular user's activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. A context is a set of resources that are controlled by the same party or jointly controlled by a set of parties.
A network interaction is a single HTTP request and its corresponding response(s): zero or more interim (1xx) responses and a single final (2xx-5xx) response.
A user action is a deliberate action by the user, via configuration, invocation, or selection, to initiate a network interaction. Selection of a link, submission of a form, and reloading a page are examples of user actions. User activity is any set of such user actions.
A user is a natural person who is making, or has made, use of the Web.
A party is a natural person, a legal entity, or a set of legal entities that share common owner(s), common controller(s), and a group identity that is easily discoverable by a user. Common branding or providing a list of affiliates that is available via a link from a resource where a party describes DNT practices are examples of ways to provide this discoverability.
With respect to a given user action, a first party is a party with which the user intends to interact, via one or more network interactions, as a result of making that action. Merely hovering over, muting, pausing, or closing a given piece of content does not constitute a user's intent to interact with another party.
In some cases, a resource on the Web will be jointly controlled by two or more distinct parties. Each of those parties is considered a first party if a user would reasonably expect to communicate with all of them when accessing that resource. For example, prominent co-branding on the resource might lead a user to expect that multiple parties are responsible for the content or functionality.
For any data collected as a result of one or more network interactions resulting from a user's action, a third party is any party other than that user, a first party for that user action, or a service provider acting on behalf of either that user or that first party.
Access to Web resources often involves multiple parties that might process the data received in a network interaction. For example, domain name services, network access points, content distribution networks, load balancing services, security filters, cloud platforms, and software-as-a-service providers might be a party to a given network interaction because they are contracted by either the user or the resource owner to provide the mechanisms for communication. Likewise, additional parties might be engaged after a network interaction, such as when services or contractors are used to perform specialized data analysis or records retention.
For the data received in a given network interaction, a service provider is considered to be the same party as its contractee if the service provider:
- processes the data on behalf of the contractee;
- ensures that the data is only retained, accessed, and used as directed by the
- has no independent right to use the data other than in a permanently de-identified form (e.g. for monitoring service integrity, load balancing, capacity planning, or billing); and,
- has a contract in place with the contractee which is consistent with the above limitations.
A party collects data received in a network interaction if that data remains within the party’s control after the network interaction is complete.
A party uses data if the party processes the data for any purpose other than storage or merely forwarding it to another party.
A party shares data if it transfers or provides a copy of that data to any other party.
Data is permanently de-identified when there exists a high level of confidence that no human subject of the data can be identified, directly or indirectly (e.g. via association with an identifier, user agent, or device), by that data alone or in combination with other retained or available information.
A user-granted exception is a specific tracking preference, overriding a user's general tracking preference, that has been obtained and recorded using the mechanisms defined in .
The key words must. must not. required. should. should not. recommended. may. and optional in this specification are to be interpreted as described in [[!RFC2119]].
This specification uses the Augmented Backus-Naur Form (ABNF) notation of [[!RFC5234]] to define network protocol syntax and WebIDL [[!WEBIDL]] to define scripting APIs. Conformance criteria and considerations regarding error handling are defined in Section 2.5 of [RFC7230].
Determining User Preference
The goal of this protocol is to allow a user to express their personal preference regarding tracking to each server and web application that they communicate with via HTTP, thereby allowing recipients of that preference to adjust tracking behavior accordingly or to reach a separate agreement with the user that satisfies all parties.
Key to that notion of expression is that the signal sent MUST reflect the user's preference, not the choice of some vendor, institution, site, or network-imposed mechanism outside the user's control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking preference expressed.
A user agent MUST offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT:1. A user agent MAY offer a third alternative choice: DNT:0.
If the user's choice is DNT:1 or DNT:0. the tracking preference is enabled ; otherwise, the tracking preference is not enabled.
A user agent MUST have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the user's decision to use that agent. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as SuperFred. but might imply a preference if invoked as SuperDoNotTrack or UltraPrivacyFred.
Implementations of HTTP that are not under control of the user MUST NOT add, delete, or modify a tracking preference. Some controlled network environments, such as public access terminals or managed corporate intranets, might impose restrictions on the use or configuration of installed user agents, such that a user might only have access to user agents with a predetermined preference enabled. However, if a user brings their own Web-enabled device to a library or cafe with wireless Internet access, the expectation will be that their chosen user agent and personal preferences regarding Web site behavior will not be altered by the network environment (aside from blanket limitations on what resources can or cannot be accessed through that network).
An HTTP intermediary MUST NOT add, delete, or modify a tracking preference expression in a request forwarded through that intermediary unless the intermediary has been specifically installed or configured to do so by the user making the request. For example, an Internet Service Provider MUST NOT inject DNT:1 on behalf of all users who have not expressed a preference.
User agents often include user-installable extensions. also known as add-ons or plug-ins. that are capable of modifying configurations and making network requests. From the user's perspective, these extensions are considered part of the user agent and ought to respect the user's configuration of a tracking preference. The user agent as a whole is responsible for ensuring conformance with this protocol, to the extent possible, which means the user agent core and each extension are jointly responsible for conformance. However, there is no single standard for extension interfaces. A user agent that permits such extensions SHOULD provide an appropriate mechanism for extensions to determine the user's tracking preference.
A user agent extension MUST NOT alter the tracking preference expression or its associated configuration unless the act of installing and enabling that extension is an explicit choice by the user for that tracking preference, or the extension itself complies with all of the requirements this protocol places on a user agent.
Likewise, software outside of the user agent might filter network traffic or cause a user agent's configuration to be changed. Software that alters a user agent configuration MUST adhere to the above requirements on a user agent extension. Software that filters network traffic MUST adhere to the above requirements on an HTTP intermediary.
Aside from the above requirements, we do not specify how the tracking preference choices are offered to the user or how the preference is enabled: each implementation is responsible for determining the user experience by which a tracking preference is enabled.
For example, a user might select a check-box in their user agent's configuration, install an extension that is specifically designed to add a tracking preference expression, or make a choice for privacy that then implicitly includes a tracking preference (e.g. Privacy settings: high ). A user agent might ask the user for their preference during startup, perhaps on first use or after an update adds the tracking protection feature. Likewise, a user might install or configure a proxy to add the expression to their own outgoing requests.
Expressing a Tracking Preference
When a user has enabled a tracking preference, that preference needs to be expressed to all mechanisms that might perform or initiate tracking.
When enabled. a tracking preference is expressed as either: