GDPR does not specify what technology to use to acquire consent [1], as long as the user consent. Trackers could honor the DNT header if they wanted to, and show the banner as a fallback for browsers not sending the header.
> Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
While DNT could potentially be used for opt-out, it wouldn't comply for opt-in because it is not specific or informed as the user does not know what specific data processing activities will be done, can't opt-in or out of specific data processing activities, doesn't know the identity of those doing them or that they can withdraw consent at any time.
DNT specification does not allow for giving valid consent under GDPR because it is not granular and it is not informed. There's no browser dialogue that details the requested consent for which and what processing.
And as for why DNT did not took off, it's because MSFT sabotaged it by making DNT set by default in Internet Explorer. The social contract in that time between adtech, publishers and users was that the signal would strictly be opt-in. The adtech industry used IE making DNT the default as justification for not honoring any of the signals being sent by browsers. It doesn't take a lot of reasoning to realize MSFT did this on purpose, knowing it itself earns income from ads.
