Lots of people have been spreading the often-unnecessary advice to add a Permissions-Policy response header to their sites to opt-out of Google’s FLoC, and some have been going so far as to ask FLOSS maintainers to patch their software to make this the default. When discussions got heated to the point of accusing webmasters who don’t implement these headers of being “complicit” in Google’s surveillance, I felt I had to write this.

Everybody: please calm down, take a deep breath, and read the spec before you make such prescriptive advice about it.

FLoC is terrible, but telling everyone to add a magic “opt-out header” in every situation conveys a misunderstanding of everything you need to know about the opt-in/out process.