QUESTIONS

Is cloudflare injecting tracking code for PDF requests in browsers via the browser PDF plugin?

  Papa Jones       2021/09/06       63


63

The question and answer about this post on Is cloudflare injecting tracking code for PDF requests in browsers via the browser PDF plugin? have a total of 2 answer so far..

asked
2 answers
63 votes

SOLUTIONS: (2)

0
      11

This is not about HTML. This is the HTML of Google Chrome, and Cloudflare controls the response HTTP headers, as it should, since it's the HTTP server responding to the request.

The Report-To header is part of Content Security Policy security features.

0
      9

No, this does not look like a security or privacy issue.

It seems your PDF viewer is generating an <embed> element and is adding a non-standard headers attribute. This attribute seems to contain HTTP response headers, so just anything the server of the PDF file sends back. For example, this contains an ETag for caching, and various security-related headers.

Cloudflare provides various features for its customers that involve HTML and HTTP rewriting. For example, it can absolutely inject links if configured that way (e.g. through a Cloudflare Worker). Cloudflare is in a MITM position and can inject arbitrary code and already track all requests. This is an essential aspect of their services.

But the report-to header is not used for tracking purposes. It merely provides an optional way for the browser to report problems with the website to the website operator. This can include information about deprecated browser features, Content Security Policy (CSP) violations, or networking problems. See their article Understanding Network Error Logging for an example use case. Since most websites do run a server that can collect and analyze CSP reports, Cloudflare inserts a reporting URL by default. Cloudflare can also use reports about networking and DNS problems to improve stability of their services, thus benefiting their customers.


QUESTIONS:



HOME POST

Connecting....
Nfiles Questions - nfiles.xyz the Q nad A blogs sites for free
๐Ÿ—‚ Nfiles ยป Home
๐Ÿ—‚ ModStore
๐Ÿ—‚ Videos
๐Ÿ—‚ Shareurl
๐Ÿ—‚ About us
๐ŸŒ Leaks.work
๐ŸŒ Malitanyo
๐ŸŒ Tagalog Anime 143 ๐Ÿ‘ค Mr. snow finger
๐Ÿ‘ค Yoki No moto
๐Ÿ‘ค Xdeveloper
๐Ÿ‘ค Malitanyo Dev
๐Ÿ‘ค Money Motto
๐Ÿ‘ค Ako Johnny Sin
Create with โค Questions by nfiles.xyz 2021