Step-by-step help to master cookie compliance

Guides

Global Privacy Control

All You Need to Know about Global Privacy Control

It's a common practice among online businesses to sell or “share” website users' personal information. Asking websites or apps not to sell or share your personal information needs searching through each company website for a “Do not sell my data” button and then submitting this request to the company. California consumers have some protection for their data under the California Consumer Privacy Act (CCPA), while if you live elsewhere, companies are not obliged not to sell your data.

Global Privacy Control (GPC) is an initiative to solve the problem and lays down the groundwork for easier management of personal data.

CookieScript already supports the GPC signal through the Consent Management Platform. The websites can automatically accept the user’s GPC signal choices, so if you activate it, your website users will have all the benefits the GPC provides.

What is the Global Privacy Control?

Global privacy control (GPC) is a browser setting that notifies website owners of users' privacy preferences regarding selling or sharing their personal information. GPC is an initiative to create a global technical specification that permits website users to control their privacy. These user privacy preferences are then transmitted as a signal to every website they visit, indicating their choices, including the choice of cookie usage, data sale or sharing, and targeted advertising. GPC enables website users to inform about their privacy preferences for all websites at once without manually setting their preferences for each website.

The main purpose of the GPC is to inform websites not to sell or share user personal data, that could be used for targeted advertising. This is different from other privacy laws that can limit user tracking but could still allow the selling or sharing of user data with third parties.

This universal privacy control initiative is being pushed by a coalition of stakeholders including technology companies, browsers, web publishers, and civil rights organizations. The privacy standard is respected by leading news websites in the USA such as The New York Times and Financial Times.

The data sharing that GPC addresses go beyond website browsing. The GPC is expected to cut down on junk mail, calls and faxes. 

Visit the official website of the Global Privacy Control.

How does GPC Work?

First, users have to set up the Global Privacy Control signal on their browsers. When users have set it up, GPC sends a signal from users’ browsers or devices to websites, communicating that users do not allow their data to be sold or shared. Businesses receiving this signal must recognize GPC as a valid opt-out mechanism according to the privacy laws in their jurisdiction.

When a user enables the GPC signal and visits websites that recognize it, the user is automatically opted out of the sale or sharing of their personal data and targeted advertising.

Here’s how GPC works:

  1. GPC activation by a user: Website users have to turn on GPC in their browsers or install browser extensions.
  2. Signal transmission: When the user visits a website, the GPC signal is sent automatically to the website.
  3. Website response: The website detects the GPC signal and automatically disables the sale or sharing of user data.
  4. Legal compliance: Companies running websites must respect the signal and process the user’s data accordingly.

Browser Support for GPC and GPC Extensions

The majority of modern browsers support GPC. However, different browsers offer different levels of support for GPC. Thus, both users and companies should understand how it works and choose the right browser.

As of 2025, these web browsers support GPC without any plugins:

  • Mozilla Firefox
  • Brave
  • DuckDuckGo
  • Librewolf (a Firefox deviation focused on privacy)

 

Other popular browsers have varying levels of GPC support:

  • Microsoft Edge: GPC is not enabled natively. Users can enable GPC through extensions.
  • Safari: Apple has not yet implemented GPC natively. Users can enable GPC through extensions.

 

Google Chrome and Chromium-based browsers like Edge, Opera, Vivaldi do not support GPC by default. Users must use extensions or custom headers must be used to enable GPC.

Browser extensions for GPC include the following ones:

How to Enable GPC?

The simplest way to enable the GPC standard is to use web browsers that already have built-in the GPC signal. These browsers include Firefox Nightly, Brave, and DuckDuckGo. Other browsers like Chrome do not support GPC at the moment.

There are also browser plugins for GPC, including Abine, Disconnect, OptMeowt, and Privacy Badger. These plugins could be used for Chrome, Internet Explorer, and other web browsers to enable GPC.

The third option to enable GPC is by using custom headers.

How to Enable GPC with Custom Headers?

To enable Global Privacy Control in a browser that doesn't support it natively (Chrome and Chromium-based browsers), you can simulate it by adding a custom HTTP header to your requests.

GPC uses the following HTTP request header:

makefile
Sec-GPC: 1

This signals that the user does not want their personal data to be sold or shared.

How to add GPC with custom headers in Chrome?

Since Chrome and Chromium-based browsers doesn’t allow setting custom headers globally through the browser UI, you should use a browser extension to do the task.

Method 1: use "ModHeader" extension

  1. Install ModHeader from the Chrome Web Store.
  2. Open the ModHeader panel.
  3. Add a new header: 
    Name: Sec-GPC
    Value: 1
  4. Add conditions to apply only to specific domains or pages (optional).

Method 2: use a proxy or developer tool (advanced)

If you're developing or debugging:

Use Postman, curl, or browser dev tools to manually add Sec-GPC: 1 to your test requests.

Example with curl:

bash
curl -H "Sec-GPC: 1" https://your-webisite.com

How to Check if GPC Is Working?

After downloading a web browser or a plugin with the GPC signal, do not forget to check if the GPC signal really works on your website.

To check if GPC is really working working on the browser you are using, open a new browser tab and visit the official GPC test site:

You should see a green light at the top of the page that says GPC signal detected. If you see it, that means GPC is sending out its “Do not sell my data” instructions on your behalf.

Privacy Compliance and GPC

Most privacy laws around the world require recognizing GPC to maintain compliance with the laws.

CCPA and Global Privacy Control

The CCPA was the first data privacy law in the USA to implement implement GPC. GPC allows easily respecting California consumer opt-out of sale requests. GPC is an acceptable method of opt-out request under the CCPA for not selling or sharing website users' private data. California Attorney General Rob Bonta informed that under the CCPA, companies are expected to deal with the GPC signal in the same way as with any other do-not-sell request from consumers.

The California Attorney General's office writes: “Under the law, it must be honored by covered businesses as a valid consumer request to stop the sale of personal information”. This explanation is important since previously many companies have ignored the GPC signal, making it a not-so-effective tool.

Beyond California, other US states also have enacted privacy laws that emphasize consumer rights and respect GPC. See the list of all US states that require recognizing the GPC or a comparable universal opt-out mechanism.

  • California
  • Colorado
  • Connecticut
  • Delaware
  • Maryland
  • Minnesota
  • Montana
  • Nebraska
  • New Hampshire
  • New Jersey
  • Oregon
  • Texas

GDPR and Global Privacy Control

While the GDPR doesn’t specifically mention GPC, it shares common principles with the initiative towards user data privacy. The GDPR emphasizes user consent and the right to object to data processing. These principles are respected by GPC.

Thus, to maintain GPDR compliance, websites must recognize GPC since the signal expresses a general request for not selling or sharing personal information with third parties.

How CookieScript Can Help with GPC?

CookieScript supports the GPC signal through the Consent Management Platform. As a result, websites, using CookieScript CMP, can automatically accept the user’s GPC signal choices.

See the guide on how to enable the GPC signal.

CookieScript is also officially certified by the Interactive Advertising Bureau (IAB) Europe and comes with a full IAB Europe Transparency & Consent Framework (TCF) 2.2 framework integration. IAB TCF 2.2 allows businesses to conduct targeted advertisements and be GDPR compliant at the same time.

Geo-targeting and custom opt-out banner: The geo-targeting feature of CookieScript determines your website user location and automatically presents the correct compliance solution. Depending on the user's jurisdiction, CookieScript CMP displays a fully customizable opt-out banner to support compliance with the relevant privacy law.

So by enabling the GPC signal and IAB TCF 2.2, your website could easily comply with the CCPAGDPR, and other privacy laws that require to recognize the GPC signal.

 

Register for free Show pricing plans

 

Frequently Asked Questions

What is the GPC signal?

Global Privacy Control (GPC) is a browser setting that notifies website owners of users' privacy preferences regarding selling or sharing their personal information. The main purpose of the GPC is to inform websites not to sell or share user personal data. Use CookieScript CMP to activate the GPC signal.

How to enable GPC?

First, to enable Global Privacy Control (GPC), use web browsers that already have built-in GPC, like Firefox Nightly, Brave, DuckDuckGo, and Librewolf; or download browser plugins for GPC, including Abine, Disconnect, OptMeowt, and Privacy Badger. Second, use a CMP like CookieScript that supports GPC. See the CookieScript guide on how to enable the GPC signal. To make sure GPC is turned on, check thet it works at https://globalprivacycontrol.org/.

What is a GPC browser?

Global Privacy Control (GPC) is a proposed standard to create a global technical specification that allows users to control their privacy. Firefox Nightly, Brave, DuckDuckGo, and Librewolf browsers have natively built-in the GPC signal, so the users do not need to search through each company website for a “Do not sell my data” button and then submit this request to the company.

What are GPC cookies?

Global Privacy Control (GPC) allows users to notify website owners of their privacy preferences regarding selling or sharing their personal information through their browsers. Once activated, the GPC is sending out its “Do not sell my data” instructions on your behalf every time you visit a new web page, so you do not need to use cookies for each website. Use a CMP like CookieScript that supports GPC.

ON THIS PAGE

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.