Guide
What Is Global Privacy Control?
Global Privacy Control, usually shortened to GPC, is a browser-based privacy preference that can tell a website the user wants an applicable sale or sharing opt-out honored. A common signal looks like Sec-GPC: 1 in the request (Global Privacy Control, W3C GPC Spec).
What It Means In Practice
GPC is not just a browser blocking trackers locally. It can also be a message from the browser to the website saying the user has expressed a privacy preference. A website team may need site-side logic to notice that signal and change behavior where the law requires it (Global Privacy Control).
Why It Matters For US Privacy Reviews
In California-style privacy regimes, opt-out preference signals can matter when a business is engaged in sale, sharing, or targeted-advertising behavior that falls under the relevant rules. That means a US-facing site with tracking still may need to think about GPC handling, not just privacy notices and deletion forms (Global Privacy Control, Mozilla).
Browser Examples
Privacy-oriented browsers or tools such as Brave, DuckDuckGo's browser, and Firefox can expose GPC-style behavior. The exact implementation can vary, but the core idea is the same: the user's browser communicates a privacy preference rather than relying only on a footer link click (Brave, DuckDuckGo, Mozilla).
What Olite Looks For Today
Today Olite treats GPC mostly as a public signal question. For US-only privacy reviews, the scanner can flag when tracking is present but there is no visible cue that browser-based privacy preference signals or GPC handling are recognized.
What A Stronger Check Looks Like Later
The deeper desktop check is not just reading text. It is comparing runtime behavior. That means asking whether trackers, cookies, consent state, or opt-out state actually change when a browser privacy preference is present.
- Do trackers still load the same way?
- Does the site change opt-out state or privacy center state?
- Are cookies or requests reduced?
- Does the UI acknowledge the browser signal?
That is the difference between a public notice check and a real runtime privacy-behavior check.