Blocking Google FLoCs

As described in this article, Google will begin a trial of its new feature which many feel endangeres the privacy of Chrome users. There is currently no way for the users to opt out.

However, website owners do have the option to opt-out by sending a specific header.

Permissions-Policy: interest-cohort=()

This is described in more detail on floc’s github page,

I would like to add this header but since I’m behind Cloudflare I can’t add custom headers (this would require an enterprise subscription).

Could Cloudflare add this feature on its own as a security measure? We already have tools to block XSS etc, this would mean adding one more thing to block.

There sure is. Don’t use Chrome.

I add custom headers at the origin. You can also add headers with Workers.

https://scotthelme.co.uk/security-headers-cloudflare-worker/

4 Likes

It would be great if Cloudflare added this option as a Page Rule. Then, it’s just a few clicks to enable it across your whole domain.

3 Likes

Is there an option to add Headers in an Enterprise account without using Workers? I currently add/remove/delete all headers on my Origin.

2 Likes

I would love if this was a feature that could be enabled account-wide. Could be a simple yes/no switch for “Enable FLoC opt-out”.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.