alt Hacker NewsThe client does not send an RTA header. The RTA header is only sent by the server or load balancer by design. Absolutely no action required by web site operators and owners assuming they enabled the header on any URL that is either adult or user-generated content.
It is up to the client what to do with the header which right now is nothing. A law would be required to get the snippet of code added to user agents. I estimate it would take an intern one afternoon to get it into the clients they support not counting dev/qa, management approval, etc...
Challenge to FAANG: Show off your interns! There is no harm in adding the code required to detect this header. Example header to detect sent from NGinx. If you detect this header activate nanny controls. To be safe do a separate parental_build to get manager approval.
add_header Rating 'RTA-5042-1996-1400-1577-RTA' always;
For fun, search for this on Shodan.
> The RTA header is only sent by the server or load balancer by design. Absolutely no action required by web site operators and owners assuming they enabled the header on any URL that is either adult or user-generated content.
The website owners and operators have to decide which URLs get the header. If the categorization is "either adult or user-generated content", then I already covered that for the case of YouTube: i.e., the entire site is denied to kids (whose parents opt in).