Do Not Track Headers in PHP

August 24, 2011
Within the past few months, Mozilla, the creators of the Firefox Web Browser, have added a new feature called "Do Not Track" to their browsers.

Internet Explorer, Safari, and Opera have followed suit, with Chrome requiring some sort of add-on for it. This header is intended to let websites know when you do not want sites to track your usage. This is different from using sessions or cookies to maintain concurrency on your site, which is still allowed.

Setting this option in Firefox is really easy:
Firefox Do Not Track


Other browsers (like IE) aren't quite as intuitive.

How it works

Every webpage request is constructed of various request headers. These headers specify various bits of information about your browser, such as what language you're accustomed to speaking, whether or not the site can use compression, and so on. When the Do Not Track header is specified, a header of DNT=1 is also sent.

There is no legal requirement at the time of writing to state this must be respected or not, however congress (and other legal bodies) are pushing for this to mean more than just a check box on a browser.

How to work with Do Not Track Headers

For those who work with PHP on a regular basis, you may be shocked to find out there's not some php_do_not_track_this_person($tons,$of,$parameters) function out there... Well, PHP does have a ton of functions, but sometimes you have to make your own.

Below there is a do_not_track() function designed to return TRUE if the do not track (DNT) header is set (i.e. don't track this user), or FALSE on either failure to detect the header, or no DNT.

Usage: bool do_not_track (void)

Download Original
  1. <?PHP
  2. function do_not_track()
  3. 	{
  4. 	if (isset($_SERVER['HTTP_DNT']))
  5. 		{
  6. 		if ($_SERVER['HTTP_DNT']==1)
  7. 			RETURN TRUE;
  8. 		}
  9. 	elseif (function_exists('getallheaders'))
  10. 		{
  11. 		foreach (getallheaders() as $k => $v)
  12. 			{
  13. 			if (strtolower($k)==="dnt" && $v==1)
  14. 				RETURN TRUE;
  15. 			}
  16. 		}
  17. 	RETURN FALSE;
  18. 	}
  19. ?>


This function takes care of the case-insensitivity allowed in HTTP Headers (per the IETF's RFC2616 (HTTP 1.1)), it also works on most (if not all) server architectures. The function getallheaders() is an Apache-Only function, however often times the DNT header can be found within the $_SERVER array, so that is checked first for efficiency.

Name:

No comments yet! Be the first!