TLDR: Set the following in your caddyfile for each site:
header Permissions-Policy "interest-cohort=(),browsing-topics=()". This disable both the old FLoC and the new Topics.
Here is an abbreviated version of my Caddyfile, showing how I set the
header directive in my Caddyfile for
To confirm the header is set, you can use a Firefox or Chrome's devtools, open the networking tab, and look for the Permissions-Policy response header. More context below the cut.
More context: Google has renamed and tweaked its controversial 2021 "Federated Learning of Cohorts" tracking project and replaced it with the Topics API. These are surveillance capitalism tools built into Chromium-based browsers. Unless you explicitly set the
Permissions-Policy "browsing-topics=()" header, every website will participate in Google's Topics API when a Chrome user visits it.
Here is the full "Opt out your site" section from Google's "Topics API developer guide" (see
https://developer.chrome.com/docs/privacy-sandbox/topics/#site-opt-out), accessed 2023-Jul-13:
You can opt out of topic calculation for specific pages on your site by including the
Permissions-Policy: browsing-topics=()Permissions-Policy header on a page to prevent topics calculation for all users on that page only. Subsequent visits to other pages on your site will not be affected: if you set a policy to block the Topics API on one page, this won't affect other pages.
You can also control which third parties have access to topics on your page by using the
Permissions-Policyheader to control third-party access to the Topics API. As parameters to the header, use
selfand any domains you would like to allow access to the API. For example, to completely disable use of the Topics API within all browsing contexts except for your own origin and
https://example.com, set the following HTTP response header:
Permissions-Policy: browsing-topics=(self "https://example.com")