[katsura]

As you suggested, the websites could send information about themselves and the browser then could decide locally. Then there is no data leak. Obviously not perfect, because just like how the cookie law is abused, people could abuse this system as well. But the browser passing around headers is not the solution.

[skybrian]

Another way to prevent a data leak would be for browsers to always fetch both web pages (with or without a child lock header) but obviously that doesn’t do what you want. It seems like what the browser displays is pretty important here and that goes beyond what gets disclosed in the original request.

Another way to look at it: a predator could make a website specifically for children and advertise it as such, while covertly doing something bad. How is that different? If they control the website, they can do what they want.

If you’re concerned about that then I think you need a whitelist of known good websites and you need to vet them by browsing it with the child lock turned on. Even then, it wouldn’t be hard to look harmless at first.