@aral Using the DNT header is a great idea!
One approach: Set this header, then access any websites. Don't click any 'agree' nonsense. Then prove that they tracked you, probably by making a data protection access request to see all data they have on you.
Then report that to your local Data Protection Authority, and try to get them to make a precedent. I think (due to the #GDPR), non-gov orgs can sue companies, rather than needing a DPA (cf. noyb)
Moytura. Destroy the old gods.