From a076a9da849e374119b8f2cd7e334351cddf08f9 Mon Sep 17 00:00:00 2001
From: Nick Colley <nick.colley@digital.cabinet-office.gov.uk>
Date: Fri, 1 Jun 2018 12:25:18 +0100
Subject: [PATCH 1/2] Do not track users who have enabled 'DoNotTrack'

Adds a guard around Google Tag Manager script to prevent it from initialising,
for users who have indicated they do not want to be tracked.
---
 docs/views/layout.html | 4 ++--
 server.js              | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/docs/views/layout.html b/docs/views/layout.html
index ce594ad0d9..a35f51fa53 100644
--- a/docs/views/layout.html
+++ b/docs/views/layout.html
@@ -24,14 +24,14 @@
 
 {% block head %}
   {% include "includes/head.html" %}
-  {% if promoMode == 'true' and gtmId %}
+  {% if doNotTrackEnabled == false and promoMode == 'true' and gtmId %}
     {% include "includes/tracking_head.html" %}
   {% endif %}
 {% endblock %}
 
 
 {% block bodyStart %}
-  {% if promoMode == 'true' and gtmId %}
+  {% if doNotTrackEnabled == false and promoMode == 'true' and gtmId %}
     {% include "includes/tracking_body.html" %}
   {% endif %}
 {% endblock %}
diff --git a/server.js b/server.js
index f098c70edf..f2a97427c2 100644
--- a/server.js
+++ b/server.js
@@ -123,6 +123,15 @@ app.use(bodyParser.urlencoded({
   extended: true
 }))
 
+// Add global variable to determine if DoNotTrack is enabled.
+// This indicates a user has explicitly opted-out of tracking.
+// Therefore we can avoid injecting third-party scripts that do not respect this decision.
+app.use(function (req, res, next) {
+  // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/DNT
+  app.locals.doNotTrackEnabled = (req.header('DNT') === '1')
+  next()
+})
+
 // Add variables that are available in all views
 app.locals.gtmId = gtmId
 app.locals.asset_path = '/public/'

From 57ba170f93b4a18fd8fc66119cb26d12f30e52ef Mon Sep 17 00:00:00 2001
From: Nick Colley <nick.colley@digital.cabinet-office.gov.uk>
Date: Wed, 27 Jun 2018 13:25:14 +0100
Subject: [PATCH 2/2] Update CHANGELOG

---
 CHANGELOG.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ca55cc09f..147c1b9d0e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,14 +3,13 @@
 New features:
 
 - [#501 Add default session data](https://github.com/alphagov/govuk_prototype_kit/pull/501)
+- [#502 Add Cookies and Privacy policy text](https://github.com/alphagov/govuk_prototype_kit/pull/502)
+- [#521 Do not track users who have enabled 'DoNotTrack'](https://github.com/alphagov/govuk_prototype_kit/pull/521)
 
 Bug fixes:
 
 - [#491 Remove redundant Google Analytics](https://github.com/alphagov/govuk_prototype_kit/pull/491)
 
-New features:
-- [#502 Add Cookies and Privacy policy text](https://github.com/alphagov/govuk_prototype_kit/pull/502)
-
 # 6.3.0
 
 New features: