Open Radar

 
Global Privacy Control [1] is a recently proposed Web standard that allows people to assert their state, country, or other judisdiction's "opt out of data collection or sales" rights, and better protect their privacy. It is recognized in several US states, and recognized by multiple country's legislation and regulations.

Tee Global Privacy Control spec has two parts: a HTTP header (`Sec-GPC: 1` [2]) and a Web API property (`navigator.globalPrivacyControl = true` [3]).

It is currently not possible to fully and correctly implement GPC as a WKWebView embedder. 

First, there is no way for a WKWebView embedder to reliably include the `Sec-GPC` header on requests. The closest that is currently possible is to catch a request, cancel it, modify it, and then reissuing it, but this has rare-but-real webcompat risks, since canceling and reissuing a request can modify state (sessionStorage, etc).

Second, there is currently no way for a WKWebView embedder to reliably include the `navigator.globalPrivacyControl` property in worker environments (since there is no way or an embedded to confidently modify a worker environment before page script runs).

It’s possible to more fully implement GPC using the Safari extension API, but that API is unfortunately not available to WKWebView embedders.

1: https://globalprivacycontrol.org/
2: https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests
3: https://privacycg.github.io/gpc-spec/#javascript-property-to-detect-preference