Add Respects DNT Header audit?

[jbmoelker]

The DNT Header tells servers to Do Not Track a user. We can audit if a site respects this header. So are Google Analytics, Hotjar, ... loaded if the header is set. And if so, do they use proper settings to respect DNT?

Do we consider this part of "Secure UX" or do we categorise this as privacy related only? Only if we consider it "Secure UX" do I think we should add it as an audit.