Why don't browsers automatically answer cookie popups as an option?

Question

Some people don't care about the privacy implications of cookies.

dusted · Accepted Answer

Because the popus are just some UI with no meaning to the browser.
When EU had that particular brain hemorrhage, the cookie header should have been updated to include the text, so that the popup was part of browser ui, not website ui. Then the user could chose to configure their browser to either accept all, required, or no cookies automatically, without the popup.
I still think we should add it to browser now, sites would have a strong incentive to start using it as they would bug users less, and save money on valueless webdevelopment.

sircastor · Answer

I think the biggest issue is the lack of a standard API for such a thing. You&rsquo;d basically have to do some text analysis to make the right choice, and once you&rsquo;ve automated this, you&rsquo;ve given the site wholesale permission to get you to agree to anything. Even if you don&rsquo;t care about privacy, it&rsquo;s only a matter of time before someone abuses the automation to some end.On this end, it seems to me the appropriate solution is to make a standard API and we can dispense with this pop up madness.

WHA8m · Answer

I also wondered, because this seems like a solvable technical problem. It's just clicks on the right buttons. Even if you can't abstract the problem, you could find the right pattern with user data.On the other hand, those cookie options aren't just there to annoy you. They have legal relevance. If a program takes those decisions from you, who'd be responsible? This may be a reason why few people want to touch the topic... idk

detaro · Answer

Any standard to do that would also need to enable browsers to automatically reject cookie prompts, and industry has shown again and again that they will not support such a thing. I assume that's the primary reason why something like this isn't being developed.

kawsper · Answer

First we had do-not-track-header: https://en.wikipedia.org/wiki/Do_Not_Track which was quite simple.
Later we have seen things like GPC: https://globalprivacycontrol.org
But it is up to the website owners to respect these values, and also, GDPR requires an informed consent, and an automatic header might not be valid.