Sec-GPC

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

The Sec-GPC (Global Privacy Control) request header indicates whether the user consents to a website or service selling or sharing their personal information with third parties.

Header type Request header
Forbidden header name yes

Syntax

Sec-GPC: 1

Directives

If Sec-GPC is enabled the header is sent with a value of 1 indicating the user prefers their information not be shared with or sold to third parties. Otherwise, the header is not sent to indicate the user has not made a decision or the user is okay with their information being shared with or sold to third parties.

Examples

Reading Global Privacy Control status from JavaScript

The user's GPC preference can also be read from JavaScript using the Navigator.globalPrivacyControl property:

navigator.globalPrivacyControl; // "0" or "1"

Specifications

No specification found

No specification data found for http.headers.Sec-GPC.
Check for problems with this page or contribute a missing spec_url to mdn/browser-compat-data. Also make sure the specification is included in w3c/browser-specs.

Browser compatibility

BCD tables only load in the browser

See also