Global Privacy Control (GPC)
A browser-level signal that communicates a user’s preference to opt out of the sale or sharing of their personal information.
Global Privacy Control (GPC) is a technical specification that allows users to signal their privacy preferences through their web browser or browser extension. When enabled, GPC sends an HTTP header (Sec-GPC: 1) and JavaScript property (navigator.globalPrivacyControl = true) with every web request, indicating that the user does not want their personal information sold or shared. The signal is recognized as a legally valid opt-out mechanism under the CCPA/CPRA, and the California Attorney General has taken enforcement action against businesses that failed to honor it.
GPC represents a shift toward automated, universal privacy preferences rather than requiring users to opt out on every individual website. Under the CCPA and CPRA, businesses must treat a GPC signal as a valid request to opt out of the sale and sharing of personal information. Other jurisdictions are considering similar recognition — Colorado’s privacy law, for example, also requires honoring universal opt-out mechanisms. For website operators, implementing GPC support means detecting the signal on page load and automatically applying the user’s opt-out preference without requiring additional interaction with a consent banner.