Opt your website out of FLoC


by Antoine - categories : Privacy

Federated Learning of Cohorts (FLoC) is a new Google tracking initiative for advertising. It aims at replacing third-party cookies with a new user profiling using data generated by the user's browser.

FLOC

FLoC profiling begins in the Google Chrome browser. Hence, and so far, the #1 step to keep distances with FLoC in everyday life is to switch from Chrome to any browser that is not (yet ?) part of it, like Chromium, Brave, Opera... or Mozilla Firefox, which will most likely never going to be part of it.

The Electronic Frontier Fondation pushed online a tool for users to check if they are beeing FLoCed by their browser : https://amifloced.org

That being said for the users side, on the servers side, any website server that didn't explicitely opt out FLoC initiative, is actually part of it. How ? Well, by default, any web server can access the FLoC API and is therefore FLoC-compliant.

Opt me out

Nullify that is extremely simple, the following HTTP response header must be added :

Permissions-Policy: interest-cohort=()

Nginx

Edit nginx.conf and add the given header to root location. If nginx runs multiple websites, this must be added for every "server" block :

server {
  location / {
    add_header Permissions-Policy interest-cohort=();
  }
}

Restart nginx (example below with systemd) :

systemctl restart nginx

Apache

Edit .htaccess file :

<IfModule mod_headers.c>
  Header always set Permissions-Policy: interest-cohort=()
</IfModule>

Restart apache :

systemctl restart apache2

Be the first to comment 🡮

2