You're taking exactly the right approach in my book. Thank you!

I don't know if they still do it, but last time I browsed Medium I found that it claimed to respect DNT, which is quite nice. Lots of self-hosted analytics software also respects DNT out of the box and I don't think site administrators often bother to turn that off. Still, the vast majority of websites probably ignores the header, especially since it's been deprecated as a standard. If you care about such things, maybe also consider looking into Sec-GPC, its intended replacement.

I do indeed check against both DNT and Sec-GPC (and navigator.doNotTrack and navigator.globalPrivacyControl in JS) basically treating them identically. GPC is ostensibly not about tracking itself, but about sharing data, though I just figured that data that isn't recorded can't be shared either.