|
|
|
|
|
|
by ompaLompa
1222 days ago
|
|
|
You can do quite a bit of tracking with CSS by conditionally loading third party resources. Tracking pixels, loading different images on hover, active, focus, etc can effectively track users For example some controlled frameworks can even have CSS only keylogging https://css-tricks.com/css-keylogger/ The correct solution is enable a strict Content Security Policy (CSP) - so even when a user compromises your website with XSS/CSS they cannot extract any data they obtain. Note: this website has not configured a Content Security Policy :( |
|
|