Respect the privacy settings of your website visitors by disabling tracking features if requested through their “Do Not Track” browser setting.

You might have seen the setting in your browser that allows you to “opt-out” of all sorts of tracking software. And if you’re privacy conscious you have it enabled in your browser.

Google Chrome Privacy Settings

But what is this setting and how can you make use of it in your web applications?

Do not track

This is a setting you will find in all major browsers to indicate on websites, advertisers and social media plugins that you don’t like them to track you.

Once enabled in your browser settings, your browser will add the following header to all your requests.

An example request header:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-GB,en;q=0.8,en-US;q=0.6,nl;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
DNT:1
Host:www.in2it.be
Referer:https://www.in2it.be/
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (<script>alert('You should filter input');</script>)

It’s not a regulation everyone needs to implement, but more a “best practice” if you care about the privacy of your visitors. All major advertising companies like Google and Facebook are respecting this browser setting in their advertising solutions, but that doesn’t mean they’re not collecting data from sites that have implemented their like, follow or plus buttons.

DNT in PHP

In PHP it’s very simple to detect this HTTP header using $_SERVER[‘HTTP_DNT’].

Apache Environment settings with phpinfo

Now you know how you can read the DNT header in PHP, but how should you use it?

<?php
/**
 * Functionality to verify if "Do not track" is set
 * in the browser configuration.
 */
if (array_key_exists('HTTP_DNT', $_SERVER) && (1 === (int) $_SERVER['HTTP_DNT'])) {
    echo 'Do not track me enabled';
} else {
    echo 'Do not track me disabled';
}

As you see, it’s just a few lines to detect if your visitor cares about privacy.

Google Analytics

Most website owners have Google Analytics enabled to gather information about the usage of visitors on their website. Mostly this is to analyse the usage of their website and finding out where they can improve their content to attract more, retain longer and sell more to their visitors. Google is clear about the “Do Not Track” feature in Chrome:

When you browse the web on computers or Android devices, you can send a request to websites not to collect or track your browsing data. It’s turned off by default.

However, what happens to your data depends on how a website responds to the request. Many websites will still collect and use your browsing data to improve security, provide content, services, ads and recommendations on their websites, and generate reporting statistics.

Chrome doesn’t provide details of which websites and web services respect Do Not Track requests and how websites interpret them.

To ensure your visitors are not tracked by Google Analyitics you can copy/paste the following PHP code in your web application. Make sure you replace GA_TRACKING_ID with your own tracking ID! More information on Google Analytics Help site.

<?php if (!array_key_exists('HTTP_DNT', $_SERVER) || (1 !== (int) $_SERVER['HTTP_DNT'])): ?>
<!-- Global Site Tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_TRACKING_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments)};
  gtag('js', new Date());

  gtag('config', 'GA_TRACKING_ID');
</script>
<?php endif ?>

This will ensure that the Google Analytics code is only displayed when DNT is not enabled. Of course you can use this in your WordPress blog, your PHP framework view helper, Twig template or Blade too!

We have enabled this logic on our website. Check our source code and see for yourself.

<!-- Analytics disabled by user "Do Not Track" browser setting -->

Start creating a better experience for your visitors with respect for privacy settings and look for the “Do Not Track” settings!


Michelangelo van Dam

Michelangelo van Dam is a senior PHP architect, PHP community leader and international conference speaker with many contributions to PHP projects and community events.

Your account will be closed and all data will be permanently deleted and cannot be recovered. Are you sure?