by solardev
566 days ago
OP, how does this scheme work? If the client is authoritative, that means anybody can just copy that network request and spam you with fake data for that domain. Indeed, if I copy that network request and curl it with changed headers, I still get a 200, which suggests that this is the case...

I'm also concerned about your claim for GDPR compliance. Keeping an IP address for a day and then incrementing against it is still storing personal information, even if it's not in a cookie. Using a server to do the tracking doesn't automatically exempt it from cookie notices. Storing the IP address for a day doesn't automatically make it non-PII, either. At the very least you should be hashing it. See what Plausible does at https://plausible.io/data-policy or read up on the GDPR discussion at https://ec.europa.eu/justice/article-29/documentation/opinio...
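One way to do the hashing suggested in the comment above, as an added example that is not part of the original comment or of the project under discussion: a per-day unique-visitor counter that stores only a keyed hash of the IP address. The class name, the hashed fields (domain, IP, user agent), the in-memory daily salt and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class DailyVisitorCounter:
    """Counts unique visitors per domain and day without storing raw IPs."""

    def __init__(self):
        self._salts = {}               # day -> random salt, kept in memory only
        self._seen = defaultdict(set)  # (day, domain) -> set of visitor ids

    def _salt_for(self, day):
        # Keep only the requested day's salt. Once an older salt is dropped,
        # its ids cannot be recomputed or linked to another day's ids.
        self._salts = {d: s for d, s in self._salts.items() if d == day}
        return self._salts.setdefault(day, secrets.token_bytes(32))

    def visitor_id(self, day, domain, ip, user_agent):
        # HMAC with a secret salt rather than a bare hash: IPv4 has only
        # 2**32 values, so an unkeyed SHA-256 of an IP falls to enumeration.
        msg = "\x00".join((domain, ip, user_agent)).encode()
        return hmac.new(self._salt_for(day), msg, hashlib.sha256).hexdigest()

    def record(self, day, domain, ip, user_agent):
        """Record a hit; return True if this visitor is new for the day."""
        vid = self.visitor_id(day, domain, ip, user_agent)
        # Discard visitor sets that belong to any other day.
        for key in [k for k in self._seen if k[0] != day]:
            del self._seen[key]
        is_new = vid not in self._seen[(day, domain)]
        self._seen[(day, domain)].add(vid)
        return is_new

    def uniques(self, day, domain):
        return len(self._seen.get((day, domain), ()))


if __name__ == "__main__":
    # Constructed sample hits using documentation-range IP addresses.
    counter = DailyVisitorCounter()
    for ip in ("203.0.113.7", "203.0.113.7", "198.51.100.23"):
        counter.record("2024-01-01", "example.com", ip, "ExampleUA/1.0")
    print(counter.uniques("2024-01-01", "example.com"))
```

This covers only the storage side of the comment; it does nothing about a client replaying the request with forged headers.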