https://kokkeloren.no/
Severe privacy issues requiring immediate attention
40
Trackers Found
15
Cookies
118
Network Requests
11.2s
Load Time
Kokkeløren.no has serious GDPR compliance violations that expose the company to regulatory fines. The site immediately starts tracking visitors to US servers (Google, Snapchat, Microsoft) before they can consent, with personal data potentially being captured in session recordings and error logs. While consent management tools are installed, they're either misconfigured or bypassed by most tracking systems, creating maximum regulatory exposure.
Critical Actions:
Detail
Found 13 tracking cookie(s) and 1 tracking request(s) BEFORE any consent interaction. This is the most common GDPR violation.
Remediation
Configure CookieBot to block ALL tracking scripts and cookies until after consent is given. Enable 'prior consent' mode and test that no tracking fires on page load before banner interaction.
Legal Reference
GDPR Art. 5(1)(a), ePrivacy Directive Art. 5(3), Planet49 ruling
Raw Data
{
"tracking_cookies_before_consent": 13,
"tracking_requests_before_consent": 1
}Detail
The consent banner has no visible 'reject' or 'decline' button. Under GDPR, rejecting cookies must be as easy as accepting them.
Remediation
Add a prominent 'Reject All' button that's equally visible to 'Accept All'. The reject button must be the same size, color prominence, and require the same number of clicks as accept.
Legal Reference
GDPR Art. 7, Planet49 ruling, EDPB Guidelines 05/2020
Raw Data
{
"reject_button_found": false
}Detail
Found CookieBot CMP (CookieBot (Usercentrics)) loading from https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false. Purpose: Cookie consent management platform.
Remediation
No action needed — CookieBot is a reputable GDPR-compliant consent platform. Focus on proper configuration to prevent pre-consent tracking.
Raw Data
{
"vendor": "CookieBot (Usercentrics)",
"purpose": "Cookie consent management platform",
"category": "consent",
"script_src": "https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false",
"gdpr_concern": "Consent management tool.",
"tracker_name": "CookieBot CMP",
"data_collected": [
"consent preferences"
]
}Detail
2 request(s) to consent.cookiebot.com (Cookie consent management platform).
Remediation
No action needed — these requests are required for the consent platform to work. Monitor that consent preferences are properly respected after banner interaction.
Raw Data
{
"domain": "consent.cookiebot.com",
"vendor": "CookieBot (Usercentrics)",
"purpose": "Cookie consent management platform",
"sample_urls": [
"https://consent.cookiebot.com/uc.js?cbid=722d4d5b-d6d6-4159-8ee4-e23e6a44b532&implementation=gtm&consentmode-dataredaction=dynamic",
"https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"script"
]
}Detail
Cookie consent banner powered by Custom consent banner (Custom) is present on the page.
Remediation
Verify only one consent system is active. If using CookieBot, disable any custom consent banners to prevent conflicts and ensure proper tracking control.
Legal Reference
GDPR Art. 7
Raw Data
{
"cmp": "Custom consent banner",
"vendor": "Custom"
}Detail
4 request(s) to tr.snapchat.com (unknown) — PII detected: e in POST body.
Remediation
Remove Snapchat Pixel tracking code immediately. If advertising conversion tracking is needed, implement it only after obtaining explicit consent through your cookie banner.
Legal Reference
GDPR Art. 6 (lawful basis), Art. 7 (conditions for consent), ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "tr.snapchat.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://tr.snapchat.com/config/no/1d31ab17-414f-451d-8894-ae8da4c42eca.json?v=3.54.2-2603162155",
"https://tr.snapchat.com/cm/i?pid=1d31ab17-414f-451d-8894-ae8da4c42eca&u_scsid=490eb951-b515-466a-abdd-59adee249804&u_sclid=ba9ce143-f8db-48c4-8da3-7c58dc74a901",
"https://tr.snapchat.com/p",
"https://tr.snapchat.com/p"
],
"pii_detected": [
"e in POST body"
],
"request_count": 4,
"resource_types": [
"document",
"fetch",
"ping"
]
}Detail
1 request(s) to track-eu1.hubspot.com (unknown) — PII detected: ln (URL parameter).
Remediation
Configure HubSpot to only track after consent is given. Consider using HubSpot's EU data processing options or implement IP anonymization to reduce personal data exposure.
Legal Reference
GDPR Art. 6 (lawful basis), Schrems II (EU-US data transfers)
Raw Data
{
"domain": "track-eu1.hubspot.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1920x1080&cd=24-bit&cs=UTF-8&ln=nb-no&v=1.1&a=139580736&pu=https%3A%2F%2Fkokkeloren.no%2F&t=Matkasse+fra+Kokkel%C3%B8ren&cts=1773747858494&vi=325f75a8443"
],
"pii_detected": [
"ln (URL parameter)"
],
"request_count": 1,
"resource_types": [
"image"
]
}Detail
Third-party cookie from sc-static.net, expires: 0 days, purpose: Unrecognized cookie.
Remediation
Investigate sc-static.net cookie source and remove if not essential. If it's from a necessary service, ensure proper documentation in your privacy policy.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 13 (information requirements)
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "None",
"cookie_name": "X-AB",
"cookie_domain": "sc-static.net",
"is_long_lived": false,
"is_third_party": true
}Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "hubspot.com",
"is_long_lived": false,
"is_third_party": true
}Raw Data
{
"expiry": "session",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "_cfuvid",
"cookie_domain": "hubspot.com",
"is_long_lived": false,
"is_third_party": true
}Detail
First-party cookie from kokkeloren.no, expires: 5 months, purpose: HubSpot visitor tracking cookie.. Vendor: HubSpot.
Remediation
Configure HubSpot tracking to activate only after consent. Consider reducing cookie lifetime and implementing IP anonymization for privacy-friendlier analytics.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 6 (lawful basis)
Raw Data
{
"expiry": "5 months",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hstc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 5 months, purpose: HubSpot user token for visitor identification.. Vendor: HubSpot.
Remediation
Ensure this tracking only activates after explicit consent. Consider implementing HubSpot's privacy-friendly options and shorter retention periods.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 6 (lawful basis)
Raw Data
{
"expiry": "5 months",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "hubspotutk",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: session, purpose: HubSpot session reset detection.. Vendor: HubSpot.
Remediation
Ensure HubSpot session tracking only occurs after consent. This cookie is part of HubSpot's analytics suite and requires marketing consent.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "session",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hssrc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 0 days, purpose: HubSpot session tracking.. Vendor: HubSpot.
Remediation
Configure HubSpot session counting to activate only after receiving proper marketing consent from visitors.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "0 days",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hssc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Document Clerk authentication cookies in your privacy policy. These are likely necessary for user login functionality but require transparency about data storage.
Legal Reference
GDPR Art. 13 (transparency)
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "Lax",
"cookie_name": "__client",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Review if year-long authentication tokens are necessary. Consider shorter expiration periods and document these cookies in your privacy policy.
Legal Reference
GDPR Art. 5(1)(e) (storage limitation), Art. 13 (transparency)
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__client_uat",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Audit authentication cookie retention periods. Implement shorter lifespans where possible and ensure all auth cookies are documented in your privacy policy.
Legal Reference
GDPR Art. 5(1)(e) (storage limitation), Art. 13 (transparency)
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__client_uat_rj7vSR9-",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: 0 days, purpose: Unrecognized cookie.
Remediation
Document Cloudflare security cookies in your privacy policy. These are typically necessary for protecting your login system from automated attacks.
Legal Reference
GDPR Art. 13 (transparency)
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: session, purpose: Unrecognized cookie.
Remediation
Add documentation about Cloudflare security cookies to your privacy policy. These session cookies are typically necessary for service security.
Legal Reference
GDPR Art. 13 (transparency)
Raw Data
{
"expiry": "session",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "_cfuvid",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Identify the purpose of _scid cookies (likely from Snapchat integration). Document in privacy policy or remove if not essential for service operation.
Legal Reference
GDPR Art. 13 (transparency), ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "1 years",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_scid",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Document the purpose of _scid_r cookies in your privacy policy. If these are from Snapchat Pixel, ensure they only activate after advertising consent.
Legal Reference
GDPR Art. 13 (transparency), ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "1 years",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_scid_r",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 6 days, purpose: Unrecognized cookie.
Remediation
Identify and document the _ScCbts cookie purpose. If it's from Snapchat Pixel, ensure it only activates after advertising consent is given.
Legal Reference
GDPR Art. 13 (transparency), ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "6 days",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_ScCbts",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
4 request(s) to policy.app.cookieinformation.com (unknown).
Remediation
No action needed. This is your CookieInformation consent management platform functioning correctly to ensure GDPR compliance.
Raw Data
{
"domain": "policy.app.cookieinformation.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://policy.app.cookieinformation.com/uc.js",
"https://policy.app.cookieinformation.com/cookie-data/kokkeloren.no/cabl.json",
"https://policy.app.cookieinformation.com/cookiesharingiframe.html",
"https://policy.app.cookieinformation.com/latest/66273/en.js"
],
"pii_detected": [],
"request_count": 4,
"resource_types": [
"document",
"xhr",
"script"
]
}Detail
2 request(s) to consentcdn.cookiebot.com (unknown).
Remediation
Clarify why you have both Cookiebot and CookieInformation consent systems. Running multiple consent platforms may confuse visitors and create conflicts.
Raw Data
{
"domain": "consentcdn.cookiebot.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://consentcdn.cookiebot.com/sdk/bc-v4.min.html",
"https://consentcdn.cookiebot.com/consentconfig/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/settings.json"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"document",
"xhr"
]
}Detail
1 request(s) to js-eu1.hs-scripts.com (unknown).
Remediation
Ensure HubSpot scripts only load after obtaining proper consent for marketing cookies. Using EU servers is good for data protection compliance.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "js-eu1.hs-scripts.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-scripts.com/139580736.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
2 request(s) to kokkeloren-snack-runner.kokkeloren.workers.dev (unknown).
Remediation
No action needed. This appears to be your own subscription service infrastructure. Ensure user data handled through this service is properly secured.
Raw Data
{
"domain": "kokkeloren-snack-runner.kokkeloren.workers.dev",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://kokkeloren-snack-runner.kokkeloren.workers.dev/user/subscription",
"https://kokkeloren-snack-runner.kokkeloren.workers.dev/user/subscription"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"fetch"
]
}Detail
1 request(s) to js-eu1.hs-banner.com (unknown).
Remediation
Ensure HubSpot banners only display after obtaining proper consent. Using EU-hosted scripts helps with GDPR compliance for marketing tools.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "js-eu1.hs-banner.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-banner.com/v2/139580736/banner.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to js-eu1.hs-analytics.net (unknown).
Remediation
Configure HubSpot analytics to only activate after receiving marketing consent. EU server hosting is positive for GDPR compliance.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "js-eu1.hs-analytics.net",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-analytics.net/analytics/1773741600000/139580736.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to tr6.snapchat.com (unknown).
Remediation
Audit all Snapchat tracking implementations. Remove redundant tracking calls and ensure all Snapchat data collection only occurs after advertising consent.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "tr6.snapchat.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://tr6.snapchat.com/p"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"ping"
]
}Detail
Found Google Ads (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove Google Ads tracking tags from Google Tag Manager unless you're actively running Google Ads campaigns. If you are running ads, ensure consent is obtained before any tracking fires. Consider privacy-focused advertising alternatives like Bing Ads with enhanced privacy settings, or focus on first-party email marketing to existing customers.
Legal Reference
GDPR Art. 6, ePrivacy Directive Art. 5(3)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "googleadservices\\.com"
}Detail
Found DoubleClick (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Immediately remove DoubleClick tags from Google Tag Manager. DoubleClick is purely for cross-site advertising tracking and provides no benefit to your food delivery business. If you need remarketing, use Google Ads remarketing with proper consent, or switch to privacy-focused alternatives like contextual advertising that doesn't track individuals.
Legal Reference
GDPR Art. 6, Schrems II
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "doubleclick\\.net"
}Detail
1 request(s) to pagead2.googlesyndication.com (Display advertising network).
Remediation
Audit your Google Tag Manager setup to identify which tags are triggering these pagead2.googlesyndication.com requests. If you're not running active ad campaigns, remove these tags entirely. If you need advertising measurement, implement server-side tracking or use privacy-focused analytics that don't share data with advertising networks.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "pagead2.googlesyndication.com",
"vendor": "Google",
"purpose": "Display advertising network",
"sample_urls": [
"https://pagead2.googlesyndication.com/ccm/collect?frm=0&ae=g&en=page_view&dl=https%3A%2F%2Fkokkeloren.no%2F&scrsrc=sgtm.kokkeloren.no&rnd=208644888.1773747858&navt=n&npa=1&us_privacy=1---&ep.ads_data_"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
1 request(s) to o463742.ingest.us.sentry.io (Error monitoring and performance tracking) — PII detected: name in POST body.
Remediation
Either remove personal data from error logs before sending to Sentry, switch to EU-hosted Sentry, or implement a self-hosted error monitoring solution like Bugsnag EU or Rollbar EU. Ensure any error tracking only starts after visitor consent.
Legal Reference
GDPR Art. 6 (lawful basis), Art. 44-49 (international transfers), Schrems II
Raw Data
{
"domain": "o463742.ingest.us.sentry.io",
"vendor": "Sentry",
"purpose": "Error monitoring and performance tracking",
"sample_urls": [
"https://o463742.ingest.us.sentry.io/api/4508449385807872/envelope/?sentry_version=7&sentry_key=6324798c673cf01315a26377634bb817&sentry_client=sentry.javascript.nextjs%2F9.10.0"
],
"pii_detected": [
"name in POST body"
],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
Found Google Tag Manager (Google) loading from https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1. Purpose: Tag management system that can load any tracking script.
Remediation
Audit all tags currently loaded through GTM. Remove any tracking that fires before consent. Consider switching to a privacy-focused tag manager like Matomo Tag Manager (EU-hosted) or implement tracking directly without a third-party container.
Legal Reference
GDPR Art. 7 (consent), ePrivacy Directive Art. 5(3)
Raw Data
{
"vendor": "Google",
"purpose": "Tag management system that can load any tracking script",
"category": "analytics",
"script_src": "https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1",
"gdpr_concern": "Container may include any number of tracking tags, often without the site owner's full awareness.",
"tracker_name": "Google Tag Manager",
"data_collected": [
"depends on configured tags"
]
}Detail
GTM container GTM-N8S3TGCP is loaded on this page. It acts as a hub that can load any number of tracking tags.
Remediation
Log into your GTM account and review all active tags, triggers, and variables. Disable any analytics or advertising tags that fire before consent. Document what data each tag collects for your privacy policy.
Legal Reference
GDPR Art. 7 (consent), Art. 13 (transparency)
Raw Data
{
"container_id": "GTM-N8S3TGCP"
}Detail
1 request(s) to www.googletagmanager.com (Tag management system that can load any tracking script).
Remediation
This is the GTM script loading - address this by implementing the GTM remediation above. Ensure no Google services load before explicit visitor consent.
Legal Reference
GDPR Art. 6 (lawful basis), ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "www.googletagmanager.com",
"vendor": "Google",
"purpose": "Tag management system that can load any tracking script",
"sample_urls": [
"https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
Found Microsoft Clarity (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Immediately audit your Google Tag Manager to ensure Clarity only fires AFTER explicit consent for session recording. Add clear disclosure in your privacy policy that visitor sessions are recorded. Consider privacy-friendly alternatives like self-hosted Matomo heatmaps or disabling session recording entirely if not essential for your business.
Legal Reference
GDPR Art. 6 (lawful basis), Art. 13 (transparency), ePrivacy Directive Art. 5(3)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "clarity\\.ms"
}Detail
Found Snapchat Pixel (Snap Inc.) loading from https://sc-static.net/scevent.min.js. Purpose: Conversion tracking for Snapchat ads.
Remediation
Remove the Snapchat Pixel script or move it behind explicit consent. Consider server-side conversion tracking or first-party analytics to measure ad campaign effectiveness without exposing visitor data to US platforms.
Legal Reference
GDPR Art. 6, Schrems II, ePrivacy Directive Art. 5(3)
Raw Data
{
"vendor": "Snap Inc.",
"purpose": "Conversion tracking for Snapchat ads",
"category": "advertising",
"script_src": "https://sc-static.net/scevent.min.js",
"gdpr_concern": "US data transfer for ad tracking.",
"tracker_name": "Snapchat Pixel",
"data_collected": [
"conversions",
"page views"
]
}Detail
1 request(s) to sc-static.net (Conversion tracking for Snapchat ads).
Remediation
Block the sc-static.net domain until proper consent mechanisms are implemented. Implement consent-conditional loading where Snapchat tracking only activates after explicit visitor approval.
Legal Reference
GDPR Art. 6, Schrems II, ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "sc-static.net",
"vendor": "Snap Inc.",
"purpose": "Conversion tracking for Snapchat ads",
"sample_urls": [
"https://sc-static.net/scevent.min.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
Tests which fonts are installed by measuring text rendering differences. Attributed to: https://kokkeloren.no/_next/static/chunks/2d1400c4-80e8491da2619b0b.js
Remediation
Remove font fingerprinting code from your Next.js bundle. If you need to detect font support for design purposes, use CSS font-display: swap and fallback fonts instead. Consider auditing your JavaScript dependencies for unnecessary fingerprinting libraries.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 5(1)(a)
Raw Data
{
"technique": "font",
"match_count": 2,
"source_script": "https://kokkeloren.no/_next/static/chunks/2d1400c4-80e8491da2619b0b.js",
"patterns_matched": [
"measureText\\s*\\(.*?\\).*?width",
"fontFamily.*?(?:serif|sans-serif|monospace).*?fontFamily"
]
}