DNT status is not readable by JS (by design), so DNT cannot be implemented in the client. So all tracking calls are still made over the network. It is then up to the server processing those calls to drop them if the DNT header is present. Thus, there is no way for a user to verify that DNT is actually honored.
Hotjar is probably the only one (claiming to be) honoring DNT consistently. Luckily Hotjar is a SaaS where the customer cannot influence this decision. But for all other tracking solutions, whenever marketeers are given the option, they will always choose to ignore DNT.
If DNT is sent when loading the initial page it is totally possible to serve HTML that doesn't include the tracking scripts. If you load your tracking scripts you've already gone against your objective since even the initial HTTP request that loads the tracking library leaks the user's IP address and browser fingerprint back to the tracker.
This is not a defense of DNT by the way - it has other problems such as the increased fingerprinting surface, etc.
> DNT status is not readable by JS (by design), so DNT cannot be implemented in the client.
But the JS is served by a server, which can read the DNT header, so why can't it just write different JS based on the content of the header? It can be as simple as writing "let do_not_track = true;" if the header is present.
DNT status is not readable by JS (by design), so DNT cannot be implemented in the client. So all tracking calls are still made over the network. It is then up to the server processing those calls to drop them if the DNT header is present. Thus, there is no way for a user to verify that DNT is actually honored.
Hotjar is probably the only one (claiming to be) honoring DNT consistently. Luckily Hotjar is a SaaS where the customer cannot influence this decision. But for all other tracking solutions, whenever marketeers are given the option, they will always choose to ignore DNT.