Global Privacy Control (GPC) — a browser-level header and JavaScript signal that lets users automatically opt out of personal data sale or sharing without manually clicking opt-out links on every site they visit.
Detected via:
if (navigator.globalPrivacyControl === true) {
// honour the opt-out
}
Or via the Sec-GPC: 1 HTTP request header.
California's CPRA explicitly requires sites to honour GPC as a valid opt-out signal. Failing to honour it has been the subject of CPPA enforcement actions since 2023.
GPC is currently active in:
- DuckDuckGo browser (default on)
- Brave browser (default on)
- Firefox (with Privacy Badger extension or about:config flag)
- Chrome / Edge (via Privacy Badger or DuckDuckGo Privacy Essentials extensions)
Most cookie banners on Shopify do not honour GPC. Consentico does — for California visitors with GPC active, the banner auto-applies the opt-out before the visitor interacts.
See also: CCPA.