Analysis on 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) revealed that pixels/trackers are collecting and/or transferring data prior to the explicit consent (e.g., cookie acceptance) of a website user. (While some do not require actual consent for one reason or another, the consent is not explicitly made.) Table 1 shows the degree to which some pixels/trackers were present on the analyzed websites.
Figure 1: Crawl results shown by Feroot Inspector’s client-side security scanning feature
Figure 1 above shows a sample website where 21 pixels/trackers load and collect user information – where no consent is requested and no consent is given. Yet, as shown in Figure 2 below, pixels/trackers and scripts are transferring user data to 71 servers in the US.
Figure 2: Pixels/Trackers load and collect user information – with no consent requested nor given
Figure 3 below illustrates how the amount of pixels/trackers and scripts in supply chain code can vary significantly across different webpages of a website. This is shown through the number of pixels, trackers, and scripts reported in the Trackers and Scripts columns. As a result, each webpage that deals with sensitive user information may have its own specific privacy and security risks that need to be considered.
Figure 3: The amount of pixels/trackers and scripts in supply chain code can vary significantly across different webpages of a website
Interested to learn more about how pixels/trackers are common and abundant on webpages?
Download our latest report today.