Commentary

HealthCare.gov Will Honor Do-Not-Track Requests

The White House's health insurance site HealthCare.gov is now honoring do-not-track headers, the site's CEO says in a new blog post.

"We know privacy is important to you when you use the web," Kevin Counihan writes in a post announcing the new approach to privacy. "If you have Do Not Track enabled in your browser, we’ll automatically observe your preferences related to digital advertising from HealthCare.gov."

He adds that the site has rolled out a new privacy tool that enables people to opt out "of the different types of third-party tools used by HealthCare.gov -- Advertising, Analytics, or Social Media."

If visitors to HealthCare.gov don't opt out of tracking, the site's third-party partners will store ad-related data in cookies on users' browsers. Those cookies are then used for purposes like re-targeting consumers by sending them ads after they've visited HealthCare.gov.

Digital rights group Electronic Frontier Foundation said HealthCare.gov's decision to honor do-not-track headers is "a great first step toward protecting consumer privacy on the part of healthcare.gov."

But the group also pointed out that people who use the site's privacy manager tool to opt out can only do so if they accept a cookie from HealthCare.gov. "Thus, users who have chosen to disable cookies will not be able to set any privacy protections. (Do Not Track will still be honored even when cookies are turned off, however)," the EFF writes. "We think that users who disable cookies are expressing a privacy preference, just like users who activate DNT, and we recommend that websites treat users who disable cookies the same way."

The group adds that doing so would require the use of JavaScript, but is "technically feasible."

The EFF also suggests that HealthCare.gov should disable social widgets, including Facebook's "Like" button.

Earlier this year, HealthCare.gov hastily reconfigured its site after learning it was leaking information about visitors to ad networks via "referrer headers," or the HTTP header information that's automatically transmitted to ad networks and other third parties.

The data sent to ad networks potentially included people's ZIP codes, income levels, and health-related information, like whether they smoked or were pregnant, according to reports by The Associated Press and EFF.
