
Do Not Track Policy

         

keyplyr

9:14 pm on Apr 29, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Those who watch their server logs may have started to see requests looking like this:
173.239.79.*** - - [29/Apr/2018:01:05:07 -0700] "GET /.well-known/dnt-policy.txt HTTP/1.1" 200 4499 "-" "python-requests/2.4.3 CPython/3.4.2 Linux/3.16.0-5-amd64"

This is just one of the many agents looking for a text file outlining a company's Do Not Track Compliance Policy, typically in the /.well-known/ directory where security certs and other sensitive documents reside.

ISPs, Security Agencies, EU GDPR enforcement agents, etc. will expect access to this file after May 25, 2018.


Related:

[w3.org...]

[raw.githubusercontent.com...]

- - -
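One way to see which /.well-known/ files are being requested in your own logs, and by which agents, as an added example that is not part of the original thread. It assumes the Apache/nginx combined log format; the function names are illustrative, and every sample line except the first (taken from the post above) is constructed.

```python
import re
from collections import defaultdict

# Combined log format. The host field is \S+ so that masked addresses
# such as 173.239.79.*** still parse.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def well_known_requests(lines):
    """Return {path: {"statuses": {code: n}, "agents": {ua: n}}} for /.well-known/ hits."""
    summary = defaultdict(lambda: {"statuses": defaultdict(int), "agents": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not combined format: skip rather than guess
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if not path.startswith("/.well-known/"):
            continue
        summary[path]["statuses"][int(m["status"])] += 1
        summary[path]["agents"][m["agent"]] += 1
    return summary

def unserved_paths(summary):
    """Paths under /.well-known/ that were requested but only ever answered with 404."""
    return sorted(p for p, e in summary.items() if set(e["statuses"]) == {404})

SAMPLE = [
    # First line is the request quoted in the post; the rest are constructed.
    '173.239.79.*** - - [29/Apr/2018:01:05:07 -0700] "GET /.well-known/dnt-policy.txt HTTP/1.1" 200 4499 "-" "python-requests/2.4.3 CPython/3.4.2 Linux/3.16.0-5-amd64"',
    '192.0.2.10 - - [29/Apr/2018:02:11:40 -0700] "GET /.well-known/dnt-policy.txt HTTP/1.1" 404 209 "-" "ExampleBot/1.0"',
    '192.0.2.11 - - [29/Apr/2018:02:15:02 -0700] "GET /.well-known/example.txt?x=1 HTTP/1.1" 404 209 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [29/Apr/2018:03:00:00 -0700] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'garbled line that is not in combined format',
]

if __name__ == "__main__":
    report = well_known_requests(SAMPLE)
    for path, entry in sorted(report.items()):
        print(path, dict(entry["statuses"]), dict(entry["agents"]))
    print("requested but never served:", unserved_paths(report))
```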

lucy24

10:44 pm on Apr 29, 2018 (gmt 0)




the /.well-known/ directory where security certs and other sensitive documents reside
If my certificates live in .well-known, then I can only conclude that my host has aliased the directory to some entirely different location on the server, putting the whole thing out of my control.

keyplyr

11:04 pm on Apr 29, 2018 (gmt 0)




@lucy24 - it's where it says it is, but hidden.

I redirect requests for dnt-policy.txt to where I can see it. The bots still look for it where they think it should be, but I give it to them from another place.

I do this with a couple other files that are supposed to be in the /.well-known/ directory. The cert still stays there because it's programmed to update there. Don't mess with that :)

Only way to do it with this type of host it seems.

lucy24

12:23 am on Apr 30, 2018 (gmt 0)




it's where it says it is, but hidden
Well, ###. You mean my host has the power to make directories within my userspace invisible to me? Hmph.

Fetch prefs has an interesting phraseology, “hidden items whose names begin with a period”, implying that those are two separate factors, so there could be hidden items whose names do not begin with a period, or visible items whose names do begin with a period. Except that I’m pretty sure it doesn’t mean that at all, and it’s just the usual “hide/show items whose names begin with a period”.

keyplyr

1:01 am on Apr 30, 2018 (gmt 0)




Back to topic...

Ignoring Do Not Track compliance risks violation of other GDPR requirements.

Do Not Track Compliance Policy can also be an HTML, PHP or similar file outlining compliance.

Additional help: How a site can comply with Do Not Track [baycloud.github.io]