Implementation details behind Mixpanel's opt-out page

Question

What are the implementation details behind Mixpanel's opt-out page?

Background

Mixpanel has an opt-out page at https://mixpanel.com/optout/. Once you submit "Yes, I would like to opt out.", you supposedly won't be tracked on any site that leverages Mixpanel.

On the opt-out page, an "mp_optout" cookie gets set to "1".

    $(document).ready(function() {
        if (mp.cookie.exists('mp_optout')) {
            $('#optout').prop('checked', true);
        }

        $('#save_button').click(function() {
            $('#saved_text').show();
            if ($('#optout').prop('checked')) {
                mp.cookie.set('mp_optout', 1, 9999, true);
            } else {
                mp.cookie.remove('mp_optout', true);
            }
        });
    });

How does this setting eventually communicate with their javascript file, https://cdn.mxpnl.com/libs/mixpanel-2.2.min.js, to bypass tracking?

Answer 1

Even after opting out Mixpanel still makes the tracking requests to the server. You can see the mp_optout cookie that is sent with these requests:

You can look at the unminified JavaScript file by removing the ".min" from the URL: https://cdn.mxpnl.com/libs/mixpanel-2.3.js

If you search for "optout" you'll find this code:

var req = new XMLHttpRequest();
req.open("GET", url, true);
// send the mp_optout cookie
// withCredentials cannot be modified until after calling .open on Android and Mobile Safari
req.withCredentials = true;

Since they explicitly want to make sure that the mp_output cookie is sent they probably use it on the backend to ignore the request and not store any data.