Is Cloudflare injecting tracking code for PDF requests in browsers via the browser PDF plugin?

  Papa Jones       2021/09/06       214



2 answers
214 votes



This is not about HTML. This is the HTML of Google Chrome, and Cloudflare controls the response HTTP headers, as it should, since it's the HTTP server responding to the request.

The Report-To header is part of Content Security Policy security features.


No, this does not look like a security or privacy issue.

It seems your PDF viewer is generating an <embed> element and is adding a non-standard headers attribute. This attribute seems to contain HTTP response headers, so just anything the server of the PDF file sends back. For example, this contains an ETag for caching, and various security-related headers.

Cloudflare provides various features for its customers that involve HTML and HTTP rewriting. For example, it can absolutely inject links if configured that way (e.g. through a Cloudflare Worker). Cloudflare is in a MITM position and can inject arbitrary code and already track all requests. This is an essential aspect of their services.

But the report-to header is not used for tracking purposes. It merely provides an optional way for the browser to report problems with the website to the website operator. This can include information about deprecated browser features, Content Security Policy (CSP) violations, or networking problems. See their article Understanding Network Error Logging for an example use case. Since most websites do run a server that can collect and analyze CSP reports, Cloudflare inserts a reporting URL by default. Cloudflare can also use reports about networking and DNS problems to improve stability of their services, thus benefiting their customers.
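An added example, not part of either answer above: a small Python audit that reads a response's `Report-To` and `NEL` headers and lists where the browser is being asked to send reports. The sample header values, the group name and the endpoint URL are constructed placeholders, not values from the page.

```python
import json
from urllib.parse import urlsplit

# Constructed sample response headers (not taken from the page); the endpoint
# URL and group name are placeholders.
SAMPLE_HEADERS = {
    "ETag": '"abc123"',
    "Report-To": '{"group":"nel-group","max_age":604800,'
                 '"endpoints":[{"url":"https://reports.example.net/nel"}]}',
    "NEL": '{"report_to":"nel-group","max_age":604800}',
}

def parse_report_to(value):
    """Report-To is a comma-separated list of JSON objects; wrap it in [] to parse."""
    try:
        groups = json.loads("[" + value + "]")
    except json.JSONDecodeError:
        return {}
    out = {}
    for g in groups:
        if not isinstance(g, dict) or "endpoints" not in g or "max_age" not in g:
            continue  # malformed group: skipped
        name = g.get("group", "default")  # unnamed groups are called "default"
        out[name] = [e["url"] for e in g["endpoints"] if isinstance(e, dict) and "url" in e]
    return out

def audit_reporting(headers, document_host):
    """Return one record per reporting endpoint the response advertises."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    groups = parse_report_to(h.get("report-to", ""))
    nel_group = None
    if "nel" in h:
        try:
            nel_group = json.loads(h["nel"]).get("report_to")
        except (json.JSONDecodeError, AttributeError):
            pass  # unparsable NEL policy: treat as absent
    findings = []
    for name, urls in groups.items():
        for url in urls:
            host = urlsplit(url).hostname
            findings.append({"group": name, "endpoint_host": host,
                             "third_party": host != document_host,
                             "used_by_nel": name == nel_group})
    return findings

if __name__ == "__main__":
    for finding in audit_reporting(SAMPLE_HEADERS, "www.example.com"):
        print(finding)
```

Run against your own site's responses, this shows whether report traffic goes to a host other than the one serving the document and which group the Network Error Logging policy points at.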

