Hacker News

The failure of the EU was to not write into (an updated version of the law) that setting a specific HTTP header means "no", and "no" means "no" not "show me a popup to ask" (i.e. showing a popup in such cases would not be allowed).




It wouldn't matter because most of the consent flows you see are already not compliant. The problem is a perpetual lack of enforcement even for the blatant breaches. An HTTP header wouldn't change the situation; websites would still ignore it and still get away with it.

The consent flows are good enough that the companies selling them can claim that they're compliant, and enforcement is slow, partly because there are so many things that are not 100% clear.

The header would be a relatively clear-cut situation, also opening the path to private enforcement via NOYB & Co.


A mandatory header would get implemented on sites that even halfway try to comply, and it would be extra easy to enforce on fully malicious sites. I think it would be useful.


