> I am so puzzled by ...
Because it's inverted. If it's opt in on the parent's part anyway then there's no reason to send additional information along with the request. The service should rather send additional information about content categorization alongside the response.
So what reasons can you imagine for it to be designed in such an obviously unnecessary way?
That design would require websites to have separate sections per age bracket.
No more or less than sending age information or registering an ID does. In all cases they must track content classification at some granularity (individual resource, single page, subdomain, some other scheme) and act on that information. The only thing that varies is how they act.
Yes, when it's client-sent they can hide classified parts of the page. When it's server-sent you either mark the whole website 18+ or you hide 18+ content for everyone.
You're just making things up. There's no technical reason a header based solution can't be granular. It could also specify alternative resources similar to how multiple image resolutions are handled today. It all depends on what is standardized.
Right now the only one I'm aware of is RTA which theoretically applies on a per-request basis although I expect that approximately all present usage is uniform site wide.
If you can redirect based on over18 every site will do that to learn the same information as if the client just sent it, but slower.
If such a feature were specified then a site would merely have the option of providing alternatives. In the event that it did, whether or not to follow such redirects would be entirely up to the client.
Such a system is clearly the technically superior solution. It regulates the provider as opposed to the client, forcing the market to provide a workable solution for concerned parties while the client maintains complete control over how things are handled. It further steers well clear of any slippery slopes by not mandating the broadcast or collection of personal information.
Perhaps important from a liability perspective, it places the onus on the client as opposed to these latest attempts to shift it squarely onto the service provider. Right now the legality of serving content across jurisdictional boundaries is extremely convoluted. With ID or age reporting laws it clearly becomes the service provider's responsibility. In contrast, a mandatory metadata standard for classification would create a situation in which it is clear that the legal responsibility (if any) to appropriately configure filters falls to the client.
Of course such a solution would be of no help to the anti-porn and pro-surveillance lobbies. That's the entire point.
So we're back to every website having a link to the over18 version of itself