tpe_CR_2015.txt   tpe_ED_20170321.txt 
W3C W3C
Tracking Preference Expression (DNT) Tracking Preference Expression (DNT)
W3C Candidate Recommendation 20 August 2015 W3C Editor's Draft 21 March 2017
This version: This version:
http://www.w3.org/TR/2015/CR-tracking-dnt-20150820/ https://w3c.github.io/dnt/drafts/tracking-dnt.html
Latest published version: Latest published version:
http://www.w3.org/TR/tracking-dnt/ https://www.w3.org/TR/tracking-dnt/
Latest editor's draft: Latest editor's draft:
http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html https://w3c.github.io/dnt/drafts/tracking-dnt.html
Implementation report:
http://www.w3.org/2011/tracking-protection/track/products/7
Previous version: Previous editor's draft:
http://www.w3.org/TR/2014/WD-tracking-dnt-20140424/ https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html
Editors: Editors:
Roy T. Fielding, Adobe Roy T. Fielding, Adobe
David Singer, Apple David Singer, Apple
Copyright © 2015 W3C^® (MIT, ERCIM, Keio, Beihang). W3C liability, Copyright © 2017 W3C^® (MIT, ERCIM, Keio, Beihang). W3C liability,
trademark and document use rules apply. trademark and document use rules apply.
---------------------------------------------------------------------- ----------------------------------------------------------------------
Abstract Abstract
This specification defines the DNT request header field as an HTTP This specification defines the DNT request header field as an HTTP
mechanism for expressing the user's preference regarding tracking, an HTML mechanism for expressing the user's preference regarding tracking, an HTML
DOM property to make that expression readable by scripts, and APIs that DOM property to make that expression readable by scripts, and APIs that
allow scripts to register site-specific exceptions granted by the user. It allow scripts to register site-specific exceptions granted by the user. It
also defines mechanisms for sites to communicate whether and how they also defines mechanisms for sites to communicate whether and how they
honor a received preference through use of the Tk response header field honor a received preference through use of the Tk response header field
and well-known resources that provide a machine-readable tracking status. and well-known resources that provide a machine-readable tracking status.
Status of This Document Status of This Document
This section describes the status of this document at the time of its This section describes the status of this document at the time of its
publication. Other documents may supersede this document. A list of publication. Other documents may supersede this document. A list of
current W3C publications and the latest revision of this technical report current W3C publications and the latest revision of this technical report
can be found in the W3C technical reports index at http://www.w3.org/TR/. can be found in the W3C technical reports index at https://www.w3.org/TR/.
This document was published by the Tracking Protection Working Group as a
Candidate Recommendation on 20 August 2015. This document is intended to
become a W3C Recommendation. If you wish to make comments regarding this
document, please send them to public-tracking-comments@w3.org (subscribe,
archives). W3C publishes a Candidate Recommendation to indicate that the
document is believed to be stable and to encourage implementation by the
developer community. This Candidate Recommendation is expected to advance
to Proposed Recommendation no earlier than 20 November 2015. The Working
Group expects to have sufficient implementation experience by 20 February
2016. All comments are welcome.
Readers may review changes from the Last Call Working Draft; changes This document is an editors' straw man reflecting a snapshot of live
include: moving JavaScript property to navigator; addition of a tracking discussions within the Tracking Protection Working Group. It does not yet
status value for gateways; clarifications of terminology; and updated capture all of our work and does not constitute working group consensus.
references. An issue tracking system is available for recording raised, Text in option boxes (highlighted with light blue background color)
open, pending review, closed, and postponed issues regarding this present options that the group is currently considering, particularly
document. There is also a list of issues reported and addressed during the where consensus is known to be lacking, and should be read as a set of
Last Call period. proposals rather than as limitations on the potential outcome. An issue
tracking system is available for recording raised, open, pending review,
closed, and postponed issues regarding this document.
The following feature is at risk and might be cut from the specification The following feature is at risk and might be cut from the specification
during the CR period if there are no (correct) implementations: during the CR period if there are no (correct) implementations:
* DNT-extension * DNT-extension
Please see the Working Group's implementation report. This document was published by the Tracking Protection Working Group as an
Editor's Draft. If you wish to make comments regarding this document,
please send them to public-tracking@w3.org (subscribe, archives). All
comments are welcome.
Publication as a Candidate Recommendation does not imply endorsement by Publication as an Editor's Draft does not imply endorsement by the W3C
the W3C Membership. This is a draft document and may be updated, replaced Membership. This is a draft document and may be updated, replaced or
or obsoleted by other documents at any time. It is inappropriate to cite obsoleted by other documents at any time. It is inappropriate to cite this
this document as other than work in progress. document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 This document was produced by a group operating under the 5 February 2004
W3C Patent Policy. W3C maintains a public list of any patent disclosures W3C Patent Policy. W3C maintains a public list of any patent disclosures
made in connection with the deliverables of the group; that page also made in connection with the deliverables of the group; that page also
includes instructions for disclosing a patent. An individual who has includes instructions for disclosing a patent. An individual who has
actual knowledge of a patent which the individual believes contains actual knowledge of a patent which the individual believes contains
Essential Claim(s) must disclose the information in accordance with Essential Claim(s) must disclose the information in accordance with
section 6 of the W3C Patent Policy. section 6 of the W3C Patent Policy.
This document is governed by the 14 October 2005 W3C Process Document. This document is governed by the 1 March 2017 W3C Process Document.
Table of Contents Table of Contents
* 1. Introduction * 1. Introduction
* 2. Terminology * 2. Terminology
* 2.1 HTTP * 2.1 HTTP
* 2.2 Activity * 2.2 Activity
* 2.3 Participants * 2.3 Participants
* 2.4 Data * 2.4 Data
* 2.5 Preferences * 2.5 Preferences
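Review bot: The at-risk paragraph carried into the 2017 column still says DNT-extension "might be cut from the specification during the CR period", but that column now describes the document as an Editor's Draft and an editors' straw man. Reword the at-risk statement so it does not depend on a CR period, or say which CR it refers to. The 2017 column also drops the implementation report link and the sentence pointing to it; if the test for cutting the feature is still "no (correct) implementations", the pointer to where implementations are recorded should stay.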
skipping to change at line 165 skipping to change at line 158
* 7.4.3 API to Confirm a Site-specific Exception * 7.4.3 API to Confirm a Site-specific Exception
* 7.5 Web-wide Exceptions * 7.5 Web-wide Exceptions
* 7.5.1 API to Request a Web-wide Exception * 7.5.1 API to Request a Web-wide Exception
* 7.5.2 API to Cancel a Web-wide Exception * 7.5.2 API to Cancel a Web-wide Exception
* 7.5.3 API to Confirm a Web-wide Exception * 7.5.3 API to Confirm a Web-wide Exception
* 7.6 User Interface Guidelines * 7.6 User Interface Guidelines
* 7.7 Exceptions without Interactive JavaScript * 7.7 Exceptions without Interactive JavaScript
* 7.8 Exceptions without an Expressed Preference * 7.8 Exceptions without an Expressed Preference
* 7.9 Exception Use by Sites * 7.9 Exception Use by Sites
* 7.10 Fingerprinting * 7.10 Fingerprinting
* 8. Security Considerations
* 9. Privacy Considerations
* A. Acknowledgements * A. Acknowledgements
* B. Registrations * B. Registrations
* C. References * C. References
* C.1 Normative references * C.1 Normative references
* C.2 Informative references * C.2 Informative references
1. Introduction 1. Introduction
The World Wide Web consists of billions of resources interconnected The World Wide Web consists of billions of resources interconnected
through the use of hypertext. Hypertext provides a simple, page-oriented through the use of hypertext. Hypertext provides a simple, page-oriented
skipping to change at line 531 skipping to change at line 526
Note Note
The DNT-extension feature is considered at-risk. Since no extensions have The DNT-extension feature is considered at-risk. Since no extensions have
been defined, implementors that don't read specifications are likely to been defined, implementors that don't read specifications are likely to
assume that DNT only has the fixed values of "0" or "1". Furthermore, the assume that DNT only has the fixed values of "0" or "1". Furthermore, the
potential benefits of this mechanism are unclear given that extension potential benefits of this mechanism are unclear given that extension
information could be supplied using separate request header fields. information could be supplied using separate request header fields.
5.3 JavaScript Property to Detect Preference 5.3 JavaScript Property to Detect Preference
The doNotTrack property enables a client-side script with read access to The Navigator.doNotTrack property enables a client-side script with read
the Navigator object to determine what DNT header field value would be access to the Navigator object [HTML5] to determine what DNT header field
sent in requests to the document-origin, taking into account the user's value would be sent in requests to the document-origin, taking into
general preference (if any) and any user-granted exceptions applicable to account the user's general preference (if any) and the current
that origin server. user-granted exceptions applicable to that origin server.
partial interface Navigator { partial interface Navigator {
readonly attribute DOMString? doNotTrack; readonly attribute DOMString? doNotTrack;
}; };
doNotTrack of type DOMString, readonly , nullable The value of Navigator.doNotTrack is the string value that would be sent
Returns the same string value that would be sent in a in a DNT-field-value (section 5.2 DNT Header Field for HTTP Requests) to a
DNT-field-value (section 5.2 DNT Header Field for HTTP Requests) target that is the document-origin of the window, in the browser context
to a target that is the document-origin of the window, in the of the current top-level origin. The value is null if no DNT header field
browser context of the current top-level origin. The value is null would be sent (e.g., because a tracking preference is not enabled);
if no DNT header field would be sent (e.g., because a tracking otherwise, the value is a string beginning with "0" or "1", possibly
preference is not enabled); otherwise, the value is a string followed by DNT-extension characters.
beginning with "0" or "1", possibly followed by DNT-extension
characters.
5.4 Tracking Preference Expressed in Other Protocols 5.4 Tracking Preference Expressed in Other Protocols
A user's tracking preference is intended to apply in general, regardless A user's tracking preference is intended to apply in general, regardless
of the protocols being used for Internet communication. However, it is of the protocols being used for Internet communication. However, it is
beyond the scope of this specification to define how a user's tracking beyond the scope of this specification to define how a user's tracking
preference might be communicated via protocols other than HTTP. preference might be communicated via protocols other than HTTP.
6. Communicating a Tracking Status 6. Communicating a Tracking Status
skipping to change at line 1350 skipping to change at line 1343
of domain names. of domain names.
Conversely, if a wild-card is used, the user might be told that there is a Conversely, if a wild-card is used, the user might be told that there is a
stored exception for all third-parties that are embedded by the indicated stored exception for all third-parties that are embedded by the indicated
top-level origin. top-level origin.
7.4 Site-specific Exceptions 7.4 Site-specific Exceptions
7.4.1 API to Request a Site-specific Exception 7.4.1 API to Request a Site-specific Exception
Navigator.storeSiteSpecificTrackingException is called by a page to store
a site-specific tracking exception. A StoreExceptionPropertyBag dictionary
contains the information to be stored for that exception.
partial interface Navigator { partial interface Navigator {
void storeSiteSpecificTrackingException (StoreSiteSpecificExceptionProperty Promise<void> storeSiteSpecificTrackingException(StoreExceptionPropertyBag
Bag properties); properties);
}; };
storeSiteSpecificTrackingException
Called by a page to store a site-specific tracking exception.
Parameter Type Nullable Optional Description
properties StoreSiteSpecificExceptionPropertyBag ✘ ✘
Return type: void
dictionary StoreExceptionPropertyBag { dictionary StoreExceptionPropertyBag {
DOMString? domain; DOMString? domain;
DOMString? siteName; DOMString? siteName;
DOMString? explanationString; DOMString? explanationString;
DOMString? detailURI; DOMString? detailURI;
DOMString? expires; DOMString? expires;
long? maxAge; long? maxAge;
sequence<DOMString> arrayOfDomainStrings;
}; };
detailURI of type DOMString, nullable Navigator.storeSiteSpecificTrackingException passes a
A location at which further information about this request can be StoreExceptionPropertyBag that can contain the following properties:
found.
domain of type DOMString, nullable domain
a cookie-domain as defined in [RFC6265], to which the exception a cookie-domain as defined in [RFC6265], to which the exception
applies. applies.
expires of type DOMString, nullable siteName
A user-readable string for the name of the top-level origin.
explanationString
A short explanation of the request.
detailURI
A location at which further information about this request can be
found.
expires
A date and time, encoded as described for the cookie Expires A date and time, encoded as described for the cookie Expires
attribute described in [RFC6265], indicating the maximum lifetime attribute described in [RFC6265], indicating the maximum lifetime
of the remembered grant. of the remembered grant.
explanationString of type DOMString, nullable maxAge
A short explanation of the request.
maxAge of type long, nullable
A positive number of seconds indicating the maximum lifetime of A positive number of seconds indicating the maximum lifetime of
the remembered grant. the remembered grant.
siteName of type DOMString, nullable arrayOfDomainStrings
A user-readable string for the name of the top-level origin.
dictionary StoreSiteSpecificExceptionPropertyBag : StoreExceptionPropertyBag {
sequence<DOMString> arrayOfDomainStrings;
};
arrayOfDomainStrings of type sequence<DOMString>,
A JavaScript array of strings. A JavaScript array of strings.
The storeSiteSpecificTrackingException method takes a dictionary argument
of type StoreSiteSpecificExceptionPropertyBag that allows optional
information to be provided.
If the request does not include the arrayOfDomainStrings, then this If the request does not include the arrayOfDomainStrings, then this
request is for a site-wide exception. Otherwise each string in request is for a site-wide exception. Otherwise each string in
arrayOfDomainStrings specifies a target. When called, arrayOfDomainStrings specifies a target. When called,
storeSiteSpecificTrackingException MUST return immediately. storeSiteSpecificTrackingException MUST return immediately with a Promise
resolving to a void, or rejected with a DOMException SYNTAX_ERR.
If the list arrayOfDomainStrings is supplied, the user agent MAY choose to If the list arrayOfDomainStrings is supplied, the user agent MAY choose to
store a site-wide exception. If it does so it MUST indicate this in the store a site-wide exception. If it does so it MUST indicate this in the
return value. return value.
If domain is not specified or is null or empty then the execution of this If domain is not specified or is null or empty then the execution of this
API and the use of the resulting permission (if granted) use the API and the use of the resulting permission (if granted) use the
'implicit' parameter, when the API is called, the document origin. This 'implicit' parameter, when the API is called, the document origin. This
forms the first part of the duplet in the logical model, and hence in forms the first part of the duplet in the logical model, and hence in
operation will be compared with the top-level origin. operation will be compared with the top-level origin.
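Review bot: In the 2017 column of 7.4.1, storeSiteSpecificTrackingException now returns Promise<void>, yet the unchanged paragraph that follows still requires that a user agent storing a site-wide exception in place of the supplied arrayOfDomainStrings "MUST indicate this in the return value". A promise that resolves to void cannot carry that indication, so the calling page cannot tell whether the stored grant is the narrow one it requested or a broader one. Either resolve to a value that reports what was stored, or remove the MUST. Separately, "DOMException SYNTAX_ERR" is the legacy constant; the DOMException name is "SyntaxError".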
skipping to change at line 1445 skipping to change at line 1432
domain argument can be set to fully-qualified right-hand segment of the domain argument can be set to fully-qualified right-hand segment of the
document host name, up to one level below TLD. document host name, up to one level below TLD.
For example, www.foo.bar.example.com can set the domain parameter as as For example, www.foo.bar.example.com can set the domain parameter as as
"bar.example.com" or "example.com", but not to "bar.example.com" or "example.com", but not to
"something.else.example.com" or "com". "something.else.example.com" or "com".
If the document-origin would not be able to set a cookie on the domain If the document-origin would not be able to set a cookie on the domain
following the cookie domain rules [RFC6265] (e.g. domain is not a following the cookie domain rules [RFC6265] (e.g. domain is not a
right-hand match or is a TLD) then the duplet MUST NOT be entered into the right-hand match or is a TLD) then the duplet MUST NOT be entered into the
database and a SYNTAX_ERR exception SHOULD be thrown. database and the returned Promise rejected with a DOMException SYNTAX_ERR.
If permission is stored for an explicit list, then the set of duplets (one If permission is stored for an explicit list, then the set of duplets (one
per target): per target):
[*.domain, target] [*.domain, target]
is added to the database of remembered grants. is added to the database of remembered grants.
If permission is stored for a site-wide exception, then the duplet: If permission is stored for a site-wide exception, then the duplet:
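Review bot: The rewritten cookie-domain sentence in the 2017 column loses the requirement level on its failure signal: "the duplet MUST NOT be entered into the database and the returned Promise rejected with a DOMException SYNTAX_ERR" can be read with MUST covering the rejection or with no keyword at all, where the 2015 text said SHOULD. This check is what keeps a page from registering an exception for a domain it could not set a cookie on (not a right-hand match, or a TLD), so state the level explicitly, for example "and the returned Promise MUST be rejected with". The unchanged example above it still reads "as as".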
skipping to change at line 1481 skipping to change at line 1468
If maxAge is supplied and not null, empty or negative the remembered grant If maxAge is supplied and not null, empty or negative the remembered grant
will be cancelled (i.e. processed as if the relevant Cancel API had been will be cancelled (i.e. processed as if the relevant Cancel API had been
called) no later than the specified number of seconds following the grant. called) no later than the specified number of seconds following the grant.
If both maxAge and expires are supplied, maxAge has precedence. If neither If both maxAge and expires are supplied, maxAge has precedence. If neither
maxAge or expires are supplied, the user agent MAY retain the remembered maxAge or expires are supplied, the user agent MAY retain the remembered
grant until it is cancelled. grant until it is cancelled.
7.4.2 API to Cancel a Site-specific Exception 7.4.2 API to Cancel a Site-specific Exception
Navigator.removeSiteSpecificTrackingException is called by a page to
cancel a site-specific tracking exception. A RemoveExceptionPropertyBag
dictionary contains information to identify the exception.
partial interface Navigator { partial interface Navigator {
void removeSiteSpecificTrackingException (RemoveExceptionPropertyBag proper Promise<void>
ties); removeSiteSpecificTrackingException(RemoveExceptionPropertyBag properties);
}; };
removeSiteSpecificTrackingException
If domain is not supplied or is null or empty then this ensures
that the database of remembered grants no longer contains any
duplets for which the first part is the current document origin;
i.e., no duplets [document-origin, target] for any target.
If domain is supplied and is not empty then this ensures that the
database of remembered grants no longer contains any duplets for
which the first part is the domain wildcard; i.e., no duplets
[*.domain, target] for any target.
There is no callback. After the call has been made, it is assured
that there are no site-specific or site-wide exceptions for the
given top-level origin.
Parameter Type Nullable Optional Description
properties RemoveExceptionPropertyBag ✘ ✘
Return type: void
dictionary RemoveExceptionPropertyBag { dictionary RemoveExceptionPropertyBag {
DOMString? domain; DOMString? domain;
}; };
domain of type DOMString, nullable Navigator.removeSiteSpecificTrackingException passes a
RemoveExceptionPropertyBag that can contain the following property:
domain
a cookie-domain as defined in [RFC6265], to which the exception a cookie-domain as defined in [RFC6265], to which the exception
applies. applies.
When this method returns, the database of grants no longer contains the If domain is not supplied or is null or empty then this ensures that the
indicated grant(s); if some kind of processing error occurred then an database of remembered grants no longer contains any duplets for which the
appropriate exception will be thrown. first part is the current document origin; i.e., no duplets
[document-origin, target] for any target.
If domain is supplied and is not empty then this ensures that the database
of remembered grants no longer contains any duplets for which the first
part is the domain wildcard; i.e., no duplets [*.domain, target] for any
target.
A Promise resolving to void is returned. When the Promise has been
resolved, it is assumed that there are no site-specific or site-wide
exceptions for the given top-level origin.
When the returned Promise is resolved, the database of grants no longer
contains the indicated grant(s); if some kind of processing error occurred
then an appropriate exception will be thrown.
If there are no matching duplets in the database of remembered grants when If there are no matching duplets in the database of remembered grants when
the method is called then this operation does nothing (and does not throw the method is called then this operation does nothing (and does not throw
an exception). an exception).
7.4.3 API to Confirm a Site-specific Exception 7.4.3 API to Confirm a Site-specific Exception
Navigator.confirmSiteSpecificTrackingException is called by a page to
confirm a site-specific tracking exception. A ConfirmExceptionPropertyBag
dictionary contains information to identify the exception.
partial interface Navigator { partial interface Navigator {
boolean confirmSiteSpecificTrackingException (ConfirmSiteSpecificExceptionP Promise<boolean>
ropertyBag properties); confirmSiteSpecificTrackingException(ConfirmExceptionPropertyBag properties);
}; };
confirmSiteSpecificTrackingException
Called by a page to confirm a site-specific tracking exception.
Parameter Type Nullable Optional Description
properties ConfirmSiteSpecificExceptionPropertyBag ✘ ✘
Return type: boolean
dictionary ConfirmExceptionPropertyBag { dictionary ConfirmExceptionPropertyBag {
DOMString? domain; DOMString? domain;
sequence<DOMString> arrayOfDomainStrings;
}; };
domain of type DOMString, nullable Navigator.confirmSiteSpecificTrackingException passes a
ConfirmExceptionPropertyBag that can contain the following properties:
domain
a cookie-domain as defined in [RFC6265], to which the exception a cookie-domain as defined in [RFC6265], to which the exception
applies. applies.
dictionary ConfirmSiteSpecificExceptionPropertyBag : ConfirmExceptionPropertyBa arrayOfDomainStrings
g {
sequence<DOMString> arrayOfDomainStrings;
};
arrayOfDomainStrings of type sequence<DOMString>,
A JavaScript array of strings. A JavaScript array of strings.
If the call does not include the arrayOfDomainStrings, then this call is If the call does not include the arrayOfDomainStrings, then this call is
to confirm a site-wide exception. Otherwise each string in to confirm a site-wide exception. Otherwise each string in
arrayOfDomainStrings specifies a target. arrayOfDomainStrings specifies a target.
If the list arrayOfDomainStrings is supplied, and the user agent stores If the list arrayOfDomainStrings is supplied, and the user agent stores
only site-wide exceptions, then the user agent MUST match by confirming a only site-wide exceptions, then the user agent MUST match by confirming a
site-wide exception. site-wide exception.
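Review bot: In 7.4.2 of the 2017 column the error path still reads "an appropriate exception will be thrown", which does not fit a method that now returns a Promise; say that the Promise is rejected and name the exception, as 7.4.1 does. The guarantee was also weakened from "it is assured that there are no site-specific or site-wide exceptions" to "it is assumed", and the following paragraph then restates it in stronger words ("the database of grants no longer contains the indicated grant(s)"). Keep a single statement in the assured form, since a page that cancels an exception needs the removal to be complete once the Promise resolves.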
skipping to change at line 1586 skipping to change at line 1571
for the existence of all the duplets (one per target): for the existence of all the duplets (one per target):
[*.domain, target] [*.domain, target]
If the user agent stores only site-wide exceptions or the call did not If the user agent stores only site-wide exceptions or the call did not
include an explicit list, and the domain argument is provided and is not include an explicit list, and the domain argument is provided and is not
empty then the database is checked for the single duplet: empty then the database is checked for the single duplet:
[*.domain, * ] [*.domain, * ]
The returned boolean has the following possible values: The returned Promise resolves to a boolean which has the following
possible values:
* true all the duplets exist in the database; * true all the duplets exist in the database;
* false one or more of the duplets does not exist in the database. * false one or more of the duplets does not exist in the database.
7.5 Web-wide Exceptions 7.5 Web-wide Exceptions
7.5.1 API to Request a Web-wide Exception 7.5.1 API to Request a Web-wide Exception
Navigator.storeWebWideTrackingException is called by a page to request the
addition of a web-wide grant for a specific site to the database.
partial interface Navigator { partial interface Navigator {
void storeWebWideTrackingException (StoreExceptionPropertyBag properties); Promise<void> storeWebWideTrackingException(StoreExceptionPropertyBag
properties);
}; };
storeWebWideTrackingException Navigator.storeWebWideTrackingException passes a
The single duplet [ * , document-origin] or [ * , *.domain] (based StoreExceptionPropertyBag, as described in section 7.4.1 API to Request a
on if domain is provided and is not null and not empty) is added Site-specific Exception.
to the database of remembered grants. The properties of the
StoreExceptionPropertyBag dictionary are as described above in the
request for site-specific exceptions.
Parameter Type Nullable Optional Description
properties StoreExceptionPropertyBag ✘ ✘
Return type: void
This API requests the addition of a web-wide grant for a specific site to The single duplet [ * , document-origin] or [ * , *.domain] (based on if
the database. domain is provided and is not null and not empty) is added to the database
of remembered grants.
7.5.2 API to Cancel a Web-wide Exception 7.5.2 API to Cancel a Web-wide Exception
Navigator.removeWebWideTrackingException is called by a page to request
the removal of a web-wide grant for a specific site from the database.
partial interface Navigator { partial interface Navigator {
void removeWebWideTrackingException (RemoveExceptionPropertyBag properties) Promise<void> removeWebWideTrackingException(RemoveExceptionPropertyBag
; properties);
}; };
removeWebWideTrackingException Navigator.removeWebWideTrackingException passes a
Ensures that the database of remembered grants no longer contains RemoveExceptionPropertyBag, as described in section 7.4.2 API to Cancel a
the duplet [ * , document-origin] or [ * , *.domain] (based on if Site-specific Exception.
domain is provided and is not null and not empty). There is no
callback. After the call has been made, the indicated pair is
assured not to be in the database. The same matching process
defined for determining which header field to send is also used to
detect which entry (if any) to remove from the database.
Parameter Type Nullable Optional Description Ensures that the database of remembered grants no longer contains the
properties RemoveExceptionPropertyBag ✘ ✘ duplet [ * , document-origin] or [ * , *.domain] (based on if domain is
provided and is not null and not empty).
Return type: void A Promise resolving to void is returned. When the Promise is resolved, the
indicated pair is assured not to be in the database. The same matching
process defined for determining which header field to send is also used to
detect which entry (if any) to remove from the database.
7.5.3 API to Confirm a Web-wide Exception 7.5.3 API to Confirm a Web-wide Exception
Navigator.confirmWebWideTrackingException is called by a page to confirm
that there exists in the database a web-wide exception for a specific
site.
partial interface Navigator { partial interface Navigator {
boolean confirmWebWideTrackingException (ConfirmExceptionPropertyBag proper Promise<boolean>
ties); confirmWebWideTrackingException(ConfirmSiteSpecificExceptionPropertyBag
properties);
}; };
confirmWebWideTrackingException Navigator.confirmWebWideTrackingException passes a
Confirms that there exists in the database a web-wide exception ConfirmExceptionPropertyBag, as described in section 7.4.3 API to Confirm
for a specific site. a Site-specific Exception.
Parameter Type Nullable Optional Description
properties ConfirmExceptionPropertyBag ✘ ✘
Return type: boolean
The returned boolean indicates whether the duplet [ * , document-origin] The returned Promise resolves to a boolean indicating whether the duplet [
or [ * , *.domain] (based on if domain is provided and is not null and not * , document-origin] or [ * , *.domain] (based on if domain is provided
empty) exists in the database. and is not null and not empty) exists in the database.
* true indicates that the web-wide exception exists; * true indicates that the web-wide exception exists;
* false indicates that the web-wide exception does not exist. * false indicates that the web-wide exception does not exist.
7.6 User Interface Guidelines 7.6 User Interface Guidelines
This section is non-normative. This section is non-normative.
As described above, it is the sole responsibility of the site making an As described above, it is the sole responsibility of the site making an
API call to determine that an exception grant reflects the user's informed API call to determine that an exception grant reflects the user's informed
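Review bot: The 2017 signature in 7.5.3 takes ConfirmSiteSpecificExceptionPropertyBag, a dictionary that the 2017 column of 7.4.3 no longer defines (its arrayOfDomainStrings member was folded into ConfirmExceptionPropertyBag), and the prose directly below the IDL says the method "passes a ConfirmExceptionPropertyBag". Change the parameter type to ConfirmExceptionPropertyBag so the IDL has no dangling reference. Because arrayOfDomainStrings now lives in the shared Store and Confirm bags, 7.5.1 and 7.5.3 should also say whether a web-wide call ignores it or rejects when it is present; the duplets described here ([ * , document-origin] or [ * , *.domain]) have no place for a target list.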
skipping to change at line 1804 skipping to change at line 1791
exception. exception.
7.10 Fingerprinting 7.10 Fingerprinting
By storing a client-side configurable state and providing functionality to By storing a client-side configurable state and providing functionality to
learn about it later, this API might facilitate user fingerprinting and learn about it later, this API might facilitate user fingerprinting and
tracking. User agent developers ought to consider the possibility of tracking. User agent developers ought to consider the possibility of
fingerprinting during implementation and might consider rate-limiting fingerprinting during implementation and might consider rate-limiting
requests or using other heuristics to mitigate fingerprinting risk. requests or using other heuristics to mitigate fingerprinting risk.
8. Security Considerations
TBD.
9. Privacy Considerations
This entire specification is addressing privacy considerations.
A. Acknowledgements A. Acknowledgements
This specification consists of input from many discussions within and This specification consists of input from many discussions within and
around the W3C Tracking Protection Working Group, along with written around the W3C Tracking Protection Working Group, along with written
contributions from Adrian Bateman (Microsoft), Justin Brookman (CDT), contributions from Adrian Bateman (Microsoft), Justin Brookman (CDT),
Nick Doty (W3C/MIT), Marcos Caceres (Mozilla), Rob van Eijk (Invited Nick Doty (W3C/MIT), Marcos Caceres (Mozilla), Rob van Eijk (Invited
Expert), Roy T. Fielding (Adobe), Vinay Goel (Adobe), Tom Lowenthal Expert), Roy T. Fielding (Adobe), Vinay Goel (Adobe), Tom Lowenthal
(Mozilla), Jonathan Mayer (Stanford), Aleecia M. McDonald (Stanford), (Mozilla), Jonathan Mayer (Stanford), Aleecia M. McDonald (Stanford),
Mike O'Neill (Baycloud Systems), Matthias Schunter (Intel), John Simpson Mike O'Neill (Baycloud Systems), Matthias Schunter (Intel), John Simpson
(Consumer Watchdog), David Singer (Apple), Rigo Wenning (W3C/ERCIM), (Consumer Watchdog), David Singer (Apple), Rigo Wenning (W3C/ERCIM),
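Review bot: section 8 Security Considerations is introduced as a bare "TBD." and section 9 Privacy Considerations as a single sentence, both present in only one column of this block, so the text carries no stated security analysis. Section 7.10 directly above already names a concrete risk (the stored, queryable exception state "might facilitate user fingerprinting and tracking", with rate-limiting as a possible mitigation), and the media type registration further down defers to JSON [RFC7159], Section 12. Section 8 could at least reference both rather than remain a placeholder, and section 9 could point to 7.10 instead of only asserting that the entire specification addresses privacy.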
skipping to change at line 1852 skipping to change at line 1847
Security considerations: Security considerations:
See JSON [RFC7159], Section 12. See JSON [RFC7159], Section 12.
Interoperability considerations: Interoperability considerations:
N/A N/A
Published specification: Published specification:
Tracking Preference Expression (DNT), section 6.5 Tracking Status Tracking Preference Expression (DNT), section 6.5 Tracking Status
Representation. Representation.
http://www.w3.org/TR/tracking-dnt/ https://www.w3.org/TR/tracking-dnt/
Applications that use this media type: Applications that use this media type:
N/A N/A
Fragment identifier considerations: Fragment identifier considerations:
N/A N/A
Additional information: Additional information:
Deprecated alias names for this type: N/A Deprecated alias names for this type: N/A
Magic number(s): N/A Magic number(s): N/A
skipping to change at line 1886 skipping to change at line 1881
Roy T. Fielding and David Singer Roy T. Fielding and David Singer
Change controller: Change controller:
W3C W3C
C. References C. References
C.1 Normative references C.1 Normative references
[HTML5] [HTML5]
Ian Hickson; Robin Berjon; Steve Faulkner; Travis Leithead; Erika HTML5. Ian Hickson; Robin Berjon; Steve Faulkner; Travis Leithead;
Doyle Navara; Edward O'Connor; Silvia Pfeiffer. HTML5. 28 October Erika Doyle Navara; Theresa O'Connor; Silvia Pfeiffer. W3C. 28
2014. W3C Recommendation. URL: http://www.w3.org/TR/html5/ October 2014. W3C Recommendation. URL:
https://www.w3.org/TR/html5/
[RFC2119] [RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Key words for use in RFCs to Indicate Requirement Levels. S.
Levels. March 1997. Best Current Practice. URL: Bradner. IETF. March 1997. Best Current Practice. URL:
https://tools.ietf.org/html/rfc2119 https://tools.ietf.org/html/rfc2119
[RFC3986] [RFC3986]
T. Berners-Lee; R. Fielding; L. Masinter. Uniform Resource Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee;
Identifier (URI): Generic Syntax. January 2005. Internet Standard. R. Fielding; L. Masinter. IETF. January 2005. Internet Standard.
URL: https://tools.ietf.org/html/rfc3986 URL: https://tools.ietf.org/html/rfc3986
[RFC5234] [RFC5234]
D. Crocker, Ed.; P. Overell. Augmented BNF for Syntax Augmented BNF for Syntax Specifications: ABNF. D. Crocker, Ed.; P.
Specifications: ABNF. January 2008. Internet Standard. URL: Overell. IETF. January 2008. Internet Standard. URL:
https://tools.ietf.org/html/rfc5234 https://tools.ietf.org/html/rfc5234
[RFC6265] [RFC6265]
A. Barth. HTTP State Management Mechanism. April 2011. Proposed HTTP State Management Mechanism. A. Barth. IETF. April 2011.
Standard. URL: https://tools.ietf.org/html/rfc6265 Proposed Standard. URL: https://tools.ietf.org/html/rfc6265
[RFC7159] [RFC7159]
T. Bray, Ed.. The JavaScript Object Notation (JSON) Data The JavaScript Object Notation (JSON) Data Interchange Format. T.
Interchange Format. March 2014. Proposed Standard. URL: Bray, Ed.. IETF. March 2014. Proposed Standard. URL:
https://tools.ietf.org/html/rfc7159 https://tools.ietf.org/html/rfc7159
[RFC7230] [RFC7230]
R. Fielding, Ed.; J. Reschke, Ed.. Hypertext Transfer Protocol Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and
(HTTP/1.1): Message Syntax and Routing. June 2014. Proposed Routing. R. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014.
Standard. URL: https://tools.ietf.org/html/rfc7230 Proposed Standard. URL: https://tools.ietf.org/html/rfc7230
[RFC7231] [RFC7231]
R. Fielding, Ed.; J. Reschke, Ed.. Hypertext Transfer Protocol Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. R.
(HTTP/1.1): Semantics and Content. June 2014. Proposed Standard. Fielding, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed
URL: https://tools.ietf.org/html/rfc7231 Standard. URL: https://tools.ietf.org/html/rfc7231
[RFC7234] [RFC7234]
R. Fielding, Ed.; M. Nottingham, Ed.; J. Reschke, Ed.. Hypertext Hypertext Transfer Protocol (HTTP/1.1): Caching. R. Fielding, Ed.;
Transfer Protocol (HTTP/1.1): Caching. June 2014. Proposed M. Nottingham, Ed.; J. Reschke, Ed.. IETF. June 2014. Proposed
Standard. URL: https://tools.ietf.org/html/rfc7234 Standard. URL: https://tools.ietf.org/html/rfc7234
[WEBIDL] [WEBIDL]
Cameron McCormack; Boris Zbarsky. WebIDL Level 1. 4 August 2015. Web IDL. Cameron McCormack; Boris Zbarsky; Tobie Langel. W3C. 15
W3C Working Draft. URL: http://www.w3.org/TR/WebIDL-1/ December 2016. W3C Working Draft. URL:
https://www.w3.org/TR/WebIDL-1/
C.2 Informative references C.2 Informative references
[KnowPrivacy] [KnowPrivacy]
Joshua Gomez; Travis Pinnick; Ashkan Soltani. KnowPrivacy. 1 June KnowPrivacy. Joshua Gomez; Travis Pinnick; Ashkan Soltani. UC
2009. URL: Berkeley, School of Information. 01 Jun 2009. URL:
http://www.knowprivacy.org/report/KnowPrivacy_Final_Report.pdf http://www.knowprivacy.org/report/KnowPrivacy_Final_Report.pdf
[Orderly] [Orderly]
Lloyd Hilaiel. Orderly JSON. 10 Feb 2015. URL: Orderly JSON. Lloyd Hilaiel.10 Feb 2015. URL:
http://orderly-json.org/ http://orderly-json.org/
[RFC5785] [RFC5785]
M. Nottingham; E. Hammer-Lahav. Defining Well-Known Uniform Defining Well-Known Uniform Resource Identifiers (URIs). M.
Resource Identifiers (URIs). April 2010. Proposed Standard. URL: Nottingham; E. Hammer-Lahav. IETF. April 2010. Proposed Standard.
https://tools.ietf.org/html/rfc5785 URL: https://tools.ietf.org/html/rfc5785
[RFC6570] [RFC6570]
J. Gregorio; R. Fielding; M. Hadley; M. Nottingham; D. Orchard. URI Template. J. Gregorio; R. Fielding; M. Hadley; M. Nottingham;
URI Template. March 2012. Proposed Standard. URL: D. Orchard. IETF. March 2012. Proposed Standard. URL:
https://tools.ietf.org/html/rfc6570 https://tools.ietf.org/html/rfc6570
[TCS] [TCS]
Nick Doty; Heather West; Justin Brookman; Sean Harvey; Erica Tracking Compliance and Scope. Nick Doty; Heather West; Justin
Newland. Tracking Compliance and Scope. 14 July 2015. W3C Last Brookman; Sean Harvey; Erica Newland. W3C. 31 March 2015. W3C
Call Working Draft. URL: http://www.w3.org/TR/tracking-compliance/ Working Draft. URL: https://www.w3.org/TR/tracking-compliance/
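Review bot: in the [TCS] entry the right-hand column changes the date from 14 July 2015 to 31 March 2015 and the status from "W3C Last Call Working Draft" to "W3C Working Draft", so the newer draft cites what reads as an earlier state of Tracking Compliance and Scope; confirm which publication is intended. In the same column the [Orderly] entry reads "Lloyd Hilaiel.10 Feb 2015" with no space after the period. The w3.org reference URLs move to https while [KnowPrivacy] and [Orderly] remain on http; check whether those two can be upgraded as well.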
 End of changes. 71 change blocks. 
210 lines changed or deleted 199 lines changed or added
