Mozilla removed the Do Not Track (DNT) toggle from Firefox’s standard settings starting with Firefox 135 (February 2025). The DNT header — a voluntary opt-out signal asking websites not to track users — was widely ignored by the industry and, paradoxically, could make browsers easier to fingerprint. Mozilla is redirecting users toward Global Privacy Control (GPC), a legally enforceable alternative already honoured under CCPA and GDPR in multiple jurisdictions.
Why DNT failed: a voluntary signal websites could ignore
Introduced in 2009, Do Not Track worked by sending an HTTP header with each browser request, asking websites not to track the user. The mechanism was always voluntary — websites faced no legal obligation to honour it, and the vast majority chose not to. Without meaningful compliance, the signal became noise.
A secondary problem emerged: the presence of the DNT header itself became a distinguishing browser attribute. Because relatively few users enabled it, sites that ignored the header could use its presence or absence as a fingerprinting signal to help identify individual users — the opposite of the intended effect.
Technical Implications and Privacy Concerns
The retirement of DNT addresses several critical privacy considerations. Security researchers have identified that the presence of DNT headers can paradoxically contribute to browser fingerprinting, creating a unique identifier that trackers can use to monitor user behavior. This technical limitation, combined with widespread non-compliance from websites, has transformed DNT from a privacy solution into a potential privacy risk.
Transition to Modern Privacy Protection
Mozilla’s decision aligns with contemporary privacy protection strategies, emphasizing legally enforceable mechanisms like Global Privacy Control (GPC). Unlike DNT, GPC benefits from regulatory support in various jurisdictions, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), making it a more reliable privacy protection tool.
Enhanced Privacy Features in Modern Browsers
Firefox continues to strengthen its privacy infrastructure through more effective mechanisms, including:
- Total Cookie Protection (TCP)
- Enhanced Tracking Protection (ETP)
- Anti-fingerprinting measures
- Built-in tracker blocking capabilities
Firefox users who relied on DNT: what changes and what to do
For most users, the practical impact of this change is minimal — DNT was already ignored by most sites. However, if you specifically enabled DNT as a privacy signal, you should:
- Enable Global Privacy Control in Firefox: Settings → Privacy & Security → enable “Tell websites not to sell or share my data.” GPC carries legal weight under CCPA (California) and is gaining adoption under GDPR frameworks.
- Verify Total Cookie Protection is active: Firefox’s default Enhanced Tracking Protection isolates cookies per site, preventing cross-site tracking without relying on website cooperation.
- DNT is still accessible via
about:config(searchprivacy.donottrackheader.enabled) for users who want to keep sending the header, though it will have no additional legal or practical effect.
GPC is the meaningful replacement: unlike DNT, it has statutory teeth in California and is enforceable in states with similar data-sale opt-out laws. Enabling it in Firefox takes under 10 seconds and delivers enforceable opt-out rights that DNT never provided.
