FeaturePolicy type header so top level site can ask for maximum privacy implementation #56

Closed
michael-oneill opened this issue Aug 13, 2020 · 4 comments

Comments

@michael-oneill

michael-oneill commented Aug 13, 2020

It would be useful for sites to ask browsers (via a response header) for a maximum privacy implementation by browsers for their embedded third parties' access to storage.
Some browsers may not default to prompting for all storage access requests, and sites may have to take further action if they are made aware of that.
This is so sites can rely on browsers to implement consent prompts for third-party storage access so top level sites do not have to, as they do under GDPR/ePrivacy. It could also be a way for sites to ensure they are respecting a user's opt-out, either via the site UI or a browser/device setting as implied by the CCPA AG regulations.
This could also help remove the need for cookie consent banners in Europe.
A corollary could be a request header that indicates the current privacy mode. A top-level site would know that a browser instance will prompt the user for storage access if this request header is present.

@michael-oneill michael-oneill changed the title FeaturPolicy type header so top level site can ask for maximum privacy implementation FeaturePolicy type header so top level site can ask for maximum privacy implementation Aug 13, 2020
@johannhof
Member

This is a dupe of #12, no? @michael-oneill

@annevk
Collaborator

annevk commented Jan 20, 2021

That would depend on how we do the integration I think.

@michael-oneill
Author

A response header would let sites communicate to the browser that they rely on maximum protection from third-party requests for storage, as they have no control over a third-party other than not to render it. If sites could rely on browsers to implement data protection measures they do not have to do it. The corollary is important also because sites would need a positive indication that the measures were in place.

@johannhof
Member

Closed by #78
