Sec-GPC Request
curl -X POST \
"https://<project-ref>.supabase.co/functions/v1/gpc-signal?domain=<your-domain>" \
-H "Origin: https://<your-domain>" \
-H "Sec-GPC: 1" \
-H "Content-Type: application/json"Developers
API Reference
GPCGuard exposes an API-layer GPC decision endpoint for configured customer sites. Customers still wire HONORED outcomes into their CMP, tag manager, CDP, server-side events, and ad partners.
navigator.globalPrivacyControl
if (navigator.globalPrivacyControl === true) {
await fetch("https://<project-ref>.supabase.co/functions/v1/gpc-signal?domain=<your-domain>", {
method: "POST",
headers: { "Content-Type": "application/json" },
})
}Success Response Shape
{
"gpc_enabled": true,
"decision_reason": "gpc_opt_out_honored",
"decision_state": "ACKNOWLEDGED",
"policy": {
"honored": true,
"sale_opt_out": true,
"sharing_opt_out": true,
"targeted_advertising_opt_out": true
},
"confirmation": "[site confirmation text]",
"compliance_standard": "2026-GPC-SPEC",
"response_code": 200,
"signal_source": "header",
"signal_id": "sig_[redacted]"
}See the full field reference in Decision Schema.
Outcome Definitions
- HONORED / ACKNOWLEDGED
- A valid GPC request was processed and policy flags were returned for customer handoff.
- DENIED
- A compliance-critical guard rejected the request or the policy did not honor the signal.
- FAILED
- The request hit an internal failure path; review logs and retry after configuration or service recovery.
Common Errors
- 400
- Missing domain parameter
- 403
- Origin mismatch, inactive site, or DPA not accepted
- 404
- Site not found
- 429
- Rate limit exceeded
- 503
- Circuit open
Guard Chain
Rate limit
Rejects abusive or excessive request patterns before policy work.
Site exists
Confirms the domain maps to a configured customer site.
Origin allowed
Checks the caller origin against configured site boundaries.
Site active
Stops processing for inactive sites.
DPA accepted
Requires the site-level DPA gate before activation.
Circuit breaker
Pauses processing when the site safety circuit is open.