
Why can't we use a HTTP request header to get rid of all cookie consent popups? - Roark66
I suspect I&#x27;m not the only person annoyed by all the GDPR cookie and tracking consent popups every single site now has. Many sites even go as far as to not give a &quot;No&quot; answer option. You only have &quot;Agree to all tracking&quot; and &quot;Configure&quot; and when you click Configure it sends you down a rabbit hole of wasted time so most users simply click &quot;Agree&quot; to get rid of the damn annoyance.<p>It would be hugely better to simply set some setting in your browser that would send a request header to every web site you visit that contains your GDPR preferences. Then every site would have to comply with this by default.<p>This could be a general purpose header that could send various user preferences, for example it could also tell the website the end user is a child under 13 years of age so the site wouldn&#x27;t collect certain stats automatically to comply with US Coppa law.<p>To me this is an obvious solution that would be a lot easier to implement than all those GDPR popups and it would result in a much better usage. What do people think? Should HTTP standard be updated with such header? Or are there any disadvantages of this approach I&#x27;m not thinking about?
======
petercooper
I entirely agree but the laws get in the way of such a "blanket" approval as
it's about notification as much as approval.

The laws _require_ that sites notify you specifically about how _they each_
use cookies which varies hugely from site to site.. accepting a universal
approval wouldn't allow such specialized notification on a site by site basis.

~~~
Roark66
Hmm, good point. However, I imagine one of the header's features could be
enabling/disabling those notifications based on user preferences.

Also, many people (including me) would probably set their browsers to
equivalent of answering "no" to current tracking questions so the
notifications wouldn't be required if I understand the law correctly.

------
Juliate
[https://en.wikipedia.org/wiki/Do_Not_Track](https://en.wikipedia.org/wiki/Do_Not_Track)
was a first attempt at this, somehow.

~~~
Roark66
I think it would be much better if the name and purpose of the header was
something like: "tracking preferences" or even "user preferences". This way it
wouldn't be just binary track/do not track, but could allow more
customisation. For example user classification as a child for US Coppa law
purpose.

------
Nextgrid
These popups are not actually GDPR compliant.

The GDPR mandates that consent should be opt-in (tracking can only begin when
the user says yes) and consent should be given freely so the user should not
be inconvenienced if they refuse.

However regarding your idea, it's already been tried with the Do Not Track
header - the ad-tech scum ended up using it as an extra data point for browser
fingerprinting, which meant that opting out of tracking actually made tracking
you even easier.

