Global Privacy Control
Global Privacy Control (GPC) is a browser signal that tells sites a visitor
does not want their data sold or shared. OptSens reads it from
navigator.globalPrivacyControl and acts on it based on the region.
What OptSens does on the wire
OptSens checks navigator.globalPrivacyControl during init, and reads the
older Do Not Track signal the same way. How it responds
depends on the regulation that applies to the visitor:
| Regulation | GPC behavior |
|---|---|
| CCPA / US | Legally binding. Auto-opt-out of sale and sharing, no first-load banner needed |
| GDPR / LGPD | Treated as a signal only. The banner shows as normal and nothing is granted without an explicit choice |
In a CCPA region with GPC present, OptSens records a reject-all consent state,
marks the consent as GPC-detected and GPC-honored, and skips the first-load
banner. The widget still mounts and the visitor can reopen preferences. This
state flows through to the
GPP US Privacy section and __uspapi, and the sale opt-out is signaled to ad tech.
How to enable it
GPC handling has no Frameworks toggle. Two settings control it: the global privacy-signals switch in Privacy Settings, and a per-region Respect GPC / DNT signals option inside each geo rule, on by default. Make sure your CCPA region is configured. GPC is then honored as an opt-out for those visitors. See CCPA / CPRA.
How to verify it
First confirm your browser is sending the signal:
console.log(navigator.globalPrivacyControl);
This reads true when GPC is enabled (for example, with a privacy extension or
a browser that ships GPC). If it is undefined, the browser is not sending the
signal and there is nothing for OptSens to honor.
On a CCPA page with GPC on, check that OptSens recorded the opt-out:
console.log(OptSens.consent);
The state has gpc_detected and gpc_honored set to true, with
advertising denied. See window.OptSens.