In an effort to improve security on the client-side modern browsers have introduced a means to allow for web applications request a client to remove persisted data. Of course, not supported in any version of MSIE or Safari, but all modern browsers Chrome 61+, Edge 79+, Firefox 63+ support.
This approach can be useful at logoff or session invalidation to remove data from the client-side, particularly in cases of persistent or reflected XSS.
Clear-Site-Data: “cache”, “cookies”, “storage”, “executionContexts”
GPC is the latest attempt at allowing customers to specify how their browsing data is to be shared online, the previous attempt referred to as DNT was a relative failure.
Like with DNT, once the user specifies their preference the browser adds an additional HTTP request header:
const gpcValue = navigator.globalPrivacyControl
Additionally, websites can define that they respect the GPC request by posting a file in a file /.well-known/gpc.json
GPC is currently implemented by default in:
Brave = https://spreadprivacy.com/global-privacy-control-enabled-by-default/
In Firefox, you currently have to enable it manually:
about:config globalprivacycontrol boolean true