I hope they do decide to add the HTTP header to disable FLoC by default, unless site admins specifically opt in. From the discussion I've seen, it hasn't been decided for sure yet.

Proposal: Treat FLoC like a security concern - https://make.wordpress.org/core/2021/04/18/proposal-treat-fl...

Consider implications of FLoC and any actions to be taken on the provider (WordPress) front - https://core.trac.wordpress.org/ticket/53069

> the browser is choosing to track users browser history and report a summary statistic on it to anyone who asks

It doesn't work that way at all.

We actually respected DNT at an ad tech company I worked at and people still gave us grief for "tracking" them. We literally just 200'd the request immediately for all DNT requests. No processing, no tracking, nothing.

Hilariously, I even opposed removing the code later because I wanted us to be a good citizen but it was practically dead code because people were still calling us evil. They could literally set their UA to play along (or use one that set it by default).

I think we always kept the code in but it only incurred cost and we got blamed anyway. I think, looking back, I should have just removed that piece of middleware since no user ever really cared. It wasn't worth it for the org to pay for code so I could have a clean conscience.

I've seen people say dnt could be ignored because it's off by default in some configurations(safari), and user did not make a choice. Would be interesting to see what kind of mental gymnastics these people would apply here to ignore user's opinion.

there is apparently no way to define a default disable either, so to turn off all the random features, the header becomes huge.

https://github.com/w3c/webappsec-permissions-policy/issues/1...

What is happening in w3c?!