Sec-GPC

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Sec-GPC request header is part of the Global Privacy Control (GPC) mechanism to indicate whether the user consents to a website or service selling or sharing their personal information with third parties.

The specification does not define how the user can withdraw or grant consent for website.

Header type Request header
Forbidden header name Yes (Sec- prefix)

Syntax

http
Sec-GPC: <preference>

Directives

<preference>

A value of 1 means the user has indicated that they prefer their information not be shared with, or sold to, third parties. Otherwise, the header is not sent, which indicates that either the user has not made a decision or the user is okay with their information being shared with or sold to third parties.

Examples

Reading Global Privacy Control status from JavaScript

The user's GPC preference can also be read from JavaScript using the Navigator.globalPrivacyControl or WorkerNavigator.globalPrivacyControl property:

js
navigator.globalPrivacyControl; // "false" or "true"

Specifications

Specification
Unknown specification

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
Sec-GPC
Experimental

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
No support
No support
Experimental. Expect behavior to change in the future.
See implementation notes.

See also