Developers

Decision Schema

Decision records describe requests processed by the GPCGuard endpoint. They help explain endpoint behavior; they do not prove legal compliance or downstream suppression by themselves.

Field	Type	Meaning
signal_id	string	Unique identifier for the processed request decision record.
processed_at	ISO timestamp	When the endpoint processed or recorded the decision.
site	string	Configured customer domain associated with the decision.
signal_source	header \| navigator \| none	Whether Sec-GPC, navigator.globalPrivacyControl, or no signal was observed.
gpc_enabled	boolean	Whether the endpoint observed an enabled GPC preference.
decision_outcome	HONORED \| DENIED \| FAILED \| NO_SIGNAL_OBSERVED	Customer-facing outcome label for evidence review.
policy.honored	boolean	Whether the configured policy honored the observed signal.
policy.sale_opt_out	boolean	Whether the response indicates sale opt-out should be applied.
policy.sharing_opt_out	boolean	Whether the response indicates sharing opt-out should be applied.
policy.targeted_advertising_opt_out	boolean	Whether the response indicates targeted-advertising opt-out should be applied.
compliance_standard	string	Customer-configured compliance label returned with the decision.
policy_version	string	Policy or evidence version label, when available.
guard_results	array	Guard-stage outcomes used to explain the endpoint decision.
downstream_handoff_note	string	Reminder that suppression outside GPCGuard depends on customer wiring.

Guard-Chain Table

GPCGuard guard results should identify the stage that passed, denied, or failed. Typical stages include rate limit, site existence, origin, active site, DPA acceptance, circuit breaker, and policy decision.

Downstream Handoff

A HONORED decision should be treated as an input to customer-controlled systems. Customers need to map it into CMP state, tag-manager rules, CDP suppression, server-side event logic, and ad-partner controls.