If I understand correctly, DNT is being deprecated in favor of a new proposal, "Global Privacy Control": https://w3c.github.io/gpc/
So instead of sending the header:
DNT: 1
Firefox will now optionally (via a different setting than was used for DNT) send:
Sec-GPC: 1
I'm unclear on why anyone thinks this is a useful change. As a website owner who previously implemented anonymization code activated in the presence of a DNT header, I guess I can add code to also look for Sec-GPC, but this feels like churn for the sake of churn.
It also feels ridiculous that Mozilla can't just send both headers if the same browser preference is checked, rather than requiring websites to look for both. I get that they want stronger promises around "Sec-GPC" than around "DNT", but the latter is a subset of the former, so why not update the client-side checkbox description, and then send both?
So instead of sending the header:
DNT: 1
Firefox will now optionally (via a different setting than was used for DNT) send:
Sec-GPC: 1
I'm unclear on why anyone thinks this is a useful change. As a website owner who previously implemented anonymization code activated in the presence of a DNT header, I guess I can add code to also look for Sec-GPC, but this feels like churn for the sake of churn.
It also feels ridiculous that Mozilla can't just send both headers if the same browser preference is checked, rather than requiring websites to look for both. I get that they want stronger promises around "Sec-GPC" than around "DNT", but the latter is a subset of the former, so why not update the client-side checkbox description, and then send both?