Sec-GPC
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.
The Sec-GPC (Global Privacy Control) request header indicates whether the user consents to a website or service selling or sharing their personal information with third parties.
The specification does not define how the user can withdraw or grant consent for website. Where possible the mechanism will be indicated in the browser compatibility section below.
| Header type | Request header |
|---|---|
| Forbidden header name | yes |
Syntax
Sec-GPC: 1
Directives
The Sec-GPC is header is sent with a value of 1 if the user has indicated that they prefer their information not be shared with, or sold to, third parties.
Otherwise, the header is not sent, which indicates that either the user has not made a decision or the user is okay with their information being shared with or sold to third parties.
Examples
Reading Global Privacy Control status from JavaScript
The user's GPC preference can also be read from JavaScript using the Navigator.globalPrivacyControl or WorkerNavigator.globalPrivacyControl property:
navigator.globalPrivacyControl; // "false" or "true"
Specifications
| Specification |
|---|
| Global Privacy Control (GPC) |
Browser compatibility
BCD tables only load in the browser