Sec-GPC

Description

The Sec-GPC (Global Privacy Control) request header is an HTTP header that allows users to signal their privacy preferences to websites regarding the collection and sale of their personal data. It is designed to support compliance with privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

When a browser or device sends the Sec-GPC header, it indicates that the user has opted out of data sharing or sale, enabling websites to respect privacy preferences automatically. This header is typically enabled by privacy-focused browsers and extensions.

The Sec-GPC header has a single value:

  • 1: Indicates that the user has enabled Global Privacy Control (GPC) and does not wish their data to be shared or sold.

Syntax

The Sec-GPC header follows this syntax:

Sec-GPC: 1

If the header is included in a request, it means the user has enabled the GPC setting in their browser or privacy extension.

Examples

Basic Usage in HTTP Requests

When a browser that supports GPC sends a request to a website, it includes the Sec-GPC header:

GET /user-profile HTTP/1.1
Host: example.com
Sec-GPC: 1

This informs the server that the user has opted out of data tracking and sharing.
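
Server-side handling of this header, as an added example that is not part of the original page and not taken from any library: it accepts only the value 1 and treats a missing header as no signal rather than consent. The function names, the storedConsent parameter, the acceptance of a repeated 1 value and the Vary response header are assumptions of this sketch.

```javascript
// Added example: hypothetical helpers, not taken from any library.

// True only when Sec-GPC carries the single defined value "1".
// `headers` is a Node.js-style object: lower-cased names, string or string[] values.
function hasGpcSignal(headers) {
  const raw = headers['sec-gpc'];
  if (raw === undefined) return false;
  // Assumption: a header repeated in transit ("1, 1" or ['1', '1']) still counts.
  const values = (Array.isArray(raw) ? raw : [raw])
    .flatMap((v) => String(v).split(','))
    .map((v) => v.trim());
  // Anything else ("0", "true", "") is not a valid signal.
  return values.length > 0 && values.every((v) => v === '1');
}

// Decide what the request handler may do with this user's data.
// `storedConsent` (assumed) is the site's own record of the user's choice.
function privacyPolicyFor(headers, storedConsent) {
  const optedOut = hasGpcSignal(headers);
  return {
    optedOut,
    // A missing header is "no signal", not consent: fall back to the stored choice.
    allowSale: !optedOut && storedConsent === true,
    allowSharing: !optedOut && storedConsent === true,
    // The response differs by Sec-GPC, so shared caches must key on it.
    responseHeaders: { Vary: 'Sec-GPC' },
  };
}

// Constructed sample requests (header objects only).
const samples = [
  { name: 'gpc on', headers: { host: 'example.com', 'sec-gpc': '1' } },
  { name: 'no header', headers: { host: 'example.com' } },
  { name: 'invalid value', headers: { host: 'example.com', 'sec-gpc': 'true' } },
];
for (const s of samples) {
  console.log(s.name, privacyPolicyFor(s.headers, true));
}
```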

Summary

The Sec-GPC request header is a privacy-focused mechanism that allows users to express their preference for not having their data shared or sold. While compliance with this header is voluntary, it is gaining support from privacy-conscious browsers and regulatory frameworks. Websites should respect this signal to enhance user privacy and comply with relevant laws.