Global Privacy Control (GPC) is a set of web technologies that can be used to inform websites of the user's wish to have their information not be sold or used by ad trackers. Unlike the now-deprecated Do Not Track header, which was unsuccessful as it was ignored by third parties, GPC is intended to have legal force under privacy laws.

GPC was developed in 2020 by privacy technology researchers including Wesleyan University professor Sebastian Zimmeck and former Chief Technologist of the Federal Trade Commission Ashkan Soltani, as well as a group of privacy-focused companies including the Electronic Frontier Foundation, Automattic (owner of Tumblr and WordPress), and more.

GPC has three implementations, two of which allow browsers to communicate preferences to web servers and web content, and the third allowing website operators to signal information about GPC compliance to the rest of the Internet.

The first is an HTTP header with the form

Sec-GPC: 1

The character '1' is the only allowed value for the header. There is deliberately no mechanism for extensibility; the creators of the standard have stated that they will create new headers if extension becomes necessary.

The GPC preference may also be signalled by the browser setting the gpcAtNavigation property of the top-level browsing context of loaded pages to the value true.

Websites can optionally host a JSON-formatted file known as the GPC support resource at the well-known URI .well-known/gpc.json to indicate how they respond to the GPC signal. This file has up to two relevant members (all other members should be ignored): a gpc boolean member where true means that the server intends on complying with GPC requests, and false means it does not, and a lastUpdate member. By default, a website's support is unknown.