Best practices for using third-party resources

You want to comply with privacy regulations, and you have user-specified resources embedded on your site that may be tracking users without their consent. How can you ensure that these resources cannot track users without their consent?

This is a common problem for any site that embeds any third-party resources. These resources can be loaded via analytics, advertising, social widgets, or user-configurable embedded content. There are a variety of ways to handle this, with each approach having its own pros and cons.

The preferable solution for user privacy is to re-host resources on your own servers, so that the original site doesn't get to see your users IP addresses or set/receive tracking cookies.

Re-hosting content adds backend cost and complexity, so it's not always a practical solution for existing systems. The following techniques can all be used on the client-side without any server-side cost:

One technique is to enable tracking vendor-specific data processing restriction features by overriding requests to force certain parameters or hostnames. Request overrides can also be used to sanitize sent requests by removing any detected personal data from requests before they are sent.

Transcend Consent Management can automatically enforce certain vendor-specific opt-out parameters and share consent signals with certain vendor APIs through Transcend's Privacy Preserving Tracker Overrides.

Read more: Integrations

Another technique that can be implemented through our request overrides architecture is personally identifiable information scrubbing. This is a technique that can be used to remove personal data from requests before they are sent.

Transcend Consent Management can override requests using the airgap.js request overrides API so that you can programmatically scrub personal data from requests before they are sent. The following example demonstrates how to use our request overrides API to scrub a list of known PII-containing parameters from requests unless the user is fully opted in.

// List of query parameters containing PII to scrub
const piiParams = ['email', 'fullName'];

// Register pre-init airgap.js request overrides
self.airgap = {
  overrides: [
    {
      override(event) {
        event.URLs.forEach((URL, i) => {
          const { searchParams } = URL;
          const shouldScrub = airgap.isOptedOut();
          if (shouldScrub) {
            const paramsToScrub = piiParams.filter((param) =>
              searchParams.has(param),
            );
            if (paramsToScrub.length > 0) {
              // scrub parameters from URL
              paramsToScrub.forEach((param) => {
                searchParams.delete(param);
              });
              // re-serialize URL input
              event.urls[i] = URL.href;
            }
          }
        });
      },
    },
  ],
};

You can omit cookies and other credentials from certain network requests by setting various attributes on request-causing elements and supplying optional flags in JavaScript networking APIs. airgap.js provides an IPendingEvent.omitCredentials(): boolean API which returns success state that toggles relevant credential omission flags where applicable. This API affects data flows both in-transit as they are emitted and at-rest in the request quarantine.

Credential omission is limited to the following request sources:

  • Network APIs
    • fetch
    • XMLHttpRequest
  • Workers:
    • Worker
    • SharedWorker
    • ServiceWorker
  • HTML elements
    • img
    • link
    • script
    • audio
    • video

If you wish to hide or truncate the original page referrer string sent to a linked resource, you can use the referrerpolicy attribute on img elements, iframe elements, and other elements. The Referrer-Policy HTTP header can also set referrer behavior for all resources on a page.

If you wish to embed third party resources using iframe elements, there are additional features such as the sandbox attribute which can be used to reduce how the iframe can track the user. Sandbox configurations that allow scripting are potentially dangerous as the content may perform unique persistent tracking via fingerprinting or similar means.