Category: Security
Web and tracking code security — XSS, Content Security Policy, GTM risks, third-party scripts. How to protect your site and visitor data.
GTM vs. CSP — How to Make Tracking and Security Coexist
A developer deploys Content Security Policy on the company website — and tracking silently breaks. Or the reverse: an analyst adds a tag to Google Tag Manager (GTM) and pushes through a CSP exception — measurement works, but the site is wide open. GTM is inherently a script injector — it loads third-party scripts into…
Written by
How to Break a Website Using Google Tag Manager
Google Tag Manager runs on over 30 million websites. It’s one of the most widely used tools for managing tracking and marketing scripts. Marketers love it — you can add a tag in 2 minutes, no developer needed, no deploy required. But GTM is essentially a script injector with a graphical interface. What does that…
Written by
Who reads the forms on your website? (And do you know about it?)
Imagine the following situation. A visitor comes to your website, fills out an order form—name, email, phone number—and submits it. The data goes to your CRM or database. But it’s quite possible that the same data — hashed, but still identifiable — is also being sent to the servers of Google, Meta, TikTok, Pinterest, and…
Written by
