Exfiltrating User’s Private Data Using Google Analytics to Bypass CSP
medium.comtl;dr; Since a lot of websites allow google-analytics.com, 3rd party javascript code can use the fact there is no verification on the UA-ID to exfiltrate information.
tl;dr; Since a lot of websites allow google-analytics.com, 3rd party javascript code can use the fact there is no verification on the UA-ID to exfiltrate information.