What countries does your site leak data to?
A modern website built using your favorite Episerver CMS has a lot of external script resources that are being fetched from all around the world. This is both a good and a bad thing. You can get a lot of value from tools such as google analytics, hotjar, google translate etc but since you are running this scripts in the users browser you are also potentially leaking user information to these companies. This might be an issue in these GDPR times.
An easy way to check where you are getting your scripts from is to copy / paste this little script into your google chrome browser console:
https://github.com/tomper00/privacy-test-your-site/blob/main/scan-site.js
(Kudos to Tomas Persson for the script)
This will give you information similar to this for a common swedish site:
So what information are you sending to the US? Probably more than you think...
Happy coding! Stay safe!
Daniel Ovaska
Binary True AB
Comments