https://kokkeloren.no/
Severe privacy issues requiring immediate attention
40
Trackers Found
15
Cookies
121
Network Requests
7.6s
Load Time
Kokkeloren.no faces severe GDPR compliance risks with multiple tracking systems collecting personal data and transferring it to US servers without proper consent. The site has extensive surveillance infrastructure (Snapchat Pixel, Google advertising suite, session recording, fingerprinting) that activates immediately upon visit, before visitors can consent. While a CookieBot consent system is installed, it's critically misconfigured to allow pre-consent tracking and lacks a proper rejection mechanism. This combination of US data transfers, personal data collection without consent, and broken consent management creates maximum regulatory exposure.
Critical Actions:
Detail
Found 13 tracking cookie(s) and 1 tracking request(s) BEFORE any consent interaction. This is the most common GDPR violation.
Remediation
Configure CookieBot to block ALL tracking until consent is given. Review your Google Tag Manager setup to ensure no tags fire before consent. Test by visiting your site in incognito mode — no tracking cookies should appear until you click accept.
Legal Reference
GDPR Art. 5(1)(a), Art. 6, ePrivacy Directive Art. 5(3)
Raw Data
{
"tracking_cookies_before_consent": 13,
"tracking_requests_before_consent": 1
}Detail
The consent banner has no visible 'reject' or 'decline' button. Under GDPR, rejecting cookies must be as easy as accepting them.
Remediation
Add a clear 'Reject All' button to your CookieBot banner that is equally prominent to the Accept button. Configure it to actually block tracking when clicked. The GDPR requires that saying no must be as easy as saying yes.
Legal Reference
GDPR Art. 7, Planet49 ruling, EDPB Guidelines 05/2020
Raw Data
{
"reject_button_found": false
}Detail
Found CookieBot CMP (CookieBot (Usercentrics)) loading from https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false. Purpose: Cookie consent management platform.
Remediation
Ensure CookieBot is configured to actually block tracking before consent. Review your CookieBot dashboard settings to verify all tracking technologies are categorized and controlled properly.
Legal Reference
GDPR Art. 25 (privacy by design)
Raw Data
{
"vendor": "CookieBot (Usercentrics)",
"purpose": "Cookie consent management platform",
"category": "consent",
"script_src": "https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false",
"gdpr_concern": "Consent management tool.",
"tracker_name": "CookieBot CMP",
"data_collected": [
"consent preferences"
]
}Detail
2 request(s) to consent.cookiebot.com (Cookie consent management platform).
Remediation
No action needed. These requests are part of your legitimate consent management system. Ensure your privacy policy mentions CookieBot as a processor.
Legal Reference
GDPR Art. 28 (processor agreements)
Raw Data
{
"domain": "consent.cookiebot.com",
"vendor": "CookieBot (Usercentrics)",
"purpose": "Cookie consent management platform",
"sample_urls": [
"https://consent.cookiebot.com/uc.js?cbid=722d4d5b-d6d6-4159-8ee4-e23e6a44b532&implementation=gtm&consentmode-dataredaction=dynamic",
"https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"script"
]
}Detail
Cookie consent banner powered by Custom consent banner (Custom) is present on the page.
Remediation
Continue using the consent banner but fix the issues with pre-consent tracking and missing reject button. Consider switching to CookieBot's standard banner interface for better compliance.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"cmp": "Custom consent banner",
"vendor": "Custom"
}Detail
1 request(s) to track-eu1.hubspot.com (unknown) — PII detected: ln (URL parameter).
Remediation
Configure HubSpot tracking to only activate after consent is given. Review HubSpot's EU hosting options and ensure proper data processing agreements are in place.
Legal Reference
GDPR Art. 6, GDPR Art. 28
Raw Data
{
"domain": "track-eu1.hubspot.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1920x1080&cd=24-bit&cs=UTF-8&ln=nb-no&v=1.1&a=139580736&pu=https%3A%2F%2Fkokkeloren.no%2F&t=Matkasse+fra+Kokkel%C3%B8ren&cts=1773748581443&vi=fa9543b18d3"
],
"pii_detected": [
"ln (URL parameter)"
],
"request_count": 1,
"resource_types": [
"image"
]
}Detail
4 request(s) to tr.snapchat.com (unknown) — PII detected: name in POST body, e in POST body.
Remediation
Remove Snapchat Pixel completely or implement strict consent gating - data should only be sent after explicit opt-in consent. Consider Snapchat's Conversions API for server-side tracking with proper consent management.
Legal Reference
GDPR Art. 6, Schrems II
Raw Data
{
"domain": "tr.snapchat.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://tr.snapchat.com/config/no/1d31ab17-414f-451d-8894-ae8da4c42eca.json?v=3.54.2-2603162155",
"https://tr.snapchat.com/cm/i?pid=1d31ab17-414f-451d-8894-ae8da4c42eca&u_scsid=07d8ffad-1fe8-42e6-a2bd-047111cf76af&u_sclid=b1c62ad0-0a8c-4878-ad1e-6f44a9397301",
"https://tr.snapchat.com/p",
"https://tr.snapchat.com/p"
],
"pii_detected": [
"name in POST body",
"e in POST body"
],
"request_count": 4,
"resource_types": [
"fetch",
"document",
"ping"
]
}Detail
Third-party cookie from sc-static.net, expires: 0 days, purpose: Unrecognized cookie.
Remediation
Identify what sc-static.net service this belongs to and either remove it or ensure it's covered by your consent mechanism. Unknown third-party cookies pose compliance risks.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "None",
"cookie_name": "X-AB",
"cookie_domain": "sc-static.net",
"is_long_lived": false,
"is_third_party": true
}Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "hubspot.com",
"is_long_lived": false,
"is_third_party": true
}Raw Data
{
"expiry": "session",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "_cfuvid",
"cookie_domain": "hubspot.com",
"is_long_lived": false,
"is_third_party": true
}Detail
First-party cookie from kokkeloren.no, expires: 5 months, purpose: HubSpot visitor tracking cookie.. Vendor: HubSpot.
Remediation
Ensure HubSpot tracking cookies only activate after consent. Consider reducing the tracking duration from 5 months if not necessary for your business needs.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 5(1)(c)
Raw Data
{
"expiry": "5 months",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hstc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 5 months, purpose: HubSpot user token for visitor identification.. Vendor: HubSpot.
Remediation
Gate this HubSpot visitor identification behind explicit consent. The 5-month duration should be justified by legitimate business needs and documented in your privacy policy.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 5(1)(c)
Raw Data
{
"expiry": "5 months",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "hubspotutk",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: session, purpose: HubSpot session reset detection.. Vendor: HubSpot.
Remediation
Ensure this HubSpot session cookie only activates after consent for analytics tracking.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "session",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hssrc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 0 days, purpose: HubSpot session tracking.. Vendor: HubSpot.
Remediation
Gate this HubSpot session tracking behind explicit consent for analytics.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "0 days",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hssc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
This appears to be a legitimate authentication cookie. Document it in your privacy policy as a functional cookie necessary for user accounts.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "Lax",
"cookie_name": "__client",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Document these Clerk authentication cookies in your privacy policy. Ensure the one-year duration is necessary for user experience.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__client_uat",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Document this Clerk session token in your privacy policy. Review if one-year duration is necessary for session management.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__client_uat_rj7vSR9-",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: 0 days, purpose: Unrecognized cookie.
Remediation
Document these security cookies in your privacy policy as functional cookies necessary for account protection.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: session, purpose: Unrecognized cookie.
Remediation
Document these Cloudflare security cookies in your privacy policy as functional cookies.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "session",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "_cfuvid",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Identify what service sets the _scid cookie, ensure it's covered by consent, and configure it to use secure transmission (HTTPS only). One-year duration needs clear justification.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 32
Raw Data
{
"expiry": "1 years",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_scid",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Same as _scid - identify the service, ensure consent coverage, enable secure transmission, and justify the one-year retention period.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 32
Raw Data
{
"expiry": "1 years",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_scid_r",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 6 days, purpose: Unrecognized cookie.
Remediation
Identify what service sets _ScCbts cookie, ensure it's covered by consent, and enable secure transmission.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "6 days",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_ScCbts",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
4 request(s) to policy.app.cookieinformation.com (unknown).
Remediation
This is expected behavior for your consent management. Ensure the consent configuration properly covers all tracking cookies found on the site.
Raw Data
{
"domain": "policy.app.cookieinformation.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://policy.app.cookieinformation.com/uc.js",
"https://policy.app.cookieinformation.com/cookie-data/kokkeloren.no/cabl.json",
"https://policy.app.cookieinformation.com/cookiesharingiframe.html",
"https://policy.app.cookieinformation.com/latest/66273/en.js"
],
"pii_detected": [],
"request_count": 4,
"resource_types": [
"xhr",
"document",
"script"
]
}Detail
2 request(s) to consentcdn.cookiebot.com (unknown).
Remediation
Use only one consent management platform to avoid conflicts. Multiple consent systems can confuse users and create compliance gaps.
Legal Reference
GDPR Art. 7
Raw Data
{
"domain": "consentcdn.cookiebot.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://consentcdn.cookiebot.com/sdk/bc-v4.min.html",
"https://consentcdn.cookiebot.com/consentconfig/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/settings.json"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"xhr",
"document"
]
}Detail
1 request(s) to js-eu1.hs-scripts.com (unknown).
Remediation
Continue using HubSpot's EU infrastructure. Ensure these scripts only load after consent for analytics tracking.
Raw Data
{
"domain": "js-eu1.hs-scripts.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-scripts.com/139580736.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to kokkeloren-snack-runner.kokkeloren.workers.dev (unknown).
Remediation
This is internal API communication. Ensure any personal data processed through this endpoint has proper legal basis and is documented in your privacy policy.
Legal Reference
GDPR Art. 13
Raw Data
{
"domain": "kokkeloren-snack-runner.kokkeloren.workers.dev",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://kokkeloren-snack-runner.kokkeloren.workers.dev/user/subscription"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
1 request(s) to js-eu1.hs-banner.com (unknown).
Remediation
Good use of EU infrastructure. Ensure these banner scripts respect consent preferences.
Raw Data
{
"domain": "js-eu1.hs-banner.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-banner.com/v2/139580736/banner.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to js-eu1.hs-analytics.net (unknown).
Remediation
Continue using EU-hosted HubSpot analytics. Ensure tracking only starts after explicit consent.
Raw Data
{
"domain": "js-eu1.hs-analytics.net",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-analytics.net/analytics/1773741600000/139580736.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to tr6.snapchat.com (unknown).
Remediation
Remove all Snapchat tracking infrastructure or implement proper consent gating for all Snapchat domains.
Legal Reference
GDPR Art. 6, Schrems II
Raw Data
{
"domain": "tr6.snapchat.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://tr6.snapchat.com/p"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"ping"
]
}Detail
Found Google Ads (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove Google Ads tracking from your Google Tag Manager container unless you're actively running remarketing campaigns. If you need remarketing, implement proper consent management that only loads these tags after explicit consent for advertising cookies.
Legal Reference
GDPR Art. 6 (lawful basis), ePrivacy Directive Art. 5(3) (consent for tracking)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "googleadservices\\.com"
}Detail
Found DoubleClick (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove DoubleClick tracking tags from Google Tag Manager unless you're running display advertising campaigns. If needed for advertising, ensure tags only fire after explicit consent and consider privacy-focused advertising alternatives like contextual advertising.
Legal Reference
GDPR Art. 6 (lawful basis), CNIL v. Google (2022) - consent violations
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "doubleclick\\.net"
}Detail
1 request(s) to pagead2.googlesyndication.com (Display advertising network).
Remediation
Audit your Google Tag Manager setup to identify why pagead2.googlesyndication.com is being called. Remove unnecessary advertising tags or implement consent-gated loading so these requests only happen after visitor approval.
Legal Reference
GDPR Art. 7 (conditions for consent), Planet49 ruling (active consent required)
Raw Data
{
"domain": "pagead2.googlesyndication.com",
"vendor": "Google",
"purpose": "Display advertising network",
"sample_urls": [
"https://pagead2.googlesyndication.com/ccm/collect?frm=0&ae=g&en=page_view&dl=https%3A%2F%2Fkokkeloren.no%2F&scrsrc=sgtm.kokkeloren.no&rnd=1690962973.1773748583&navt=n&npa=1&us_privacy=1---&ep.ads_data"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
1 request(s) to o463742.ingest.us.sentry.io (Error monitoring and performance tracking) — PII detected: name in POST body.
Remediation
Configure Sentry to exclude personal data from error reports, implement data scrubbing rules, or switch to an EU-hosted error monitoring service like Rollbar EU or self-hosted Sentry.
Legal Reference
GDPR Art. 44-49, Schrems II
Raw Data
{
"domain": "o463742.ingest.us.sentry.io",
"vendor": "Sentry",
"purpose": "Error monitoring and performance tracking",
"sample_urls": [
"https://o463742.ingest.us.sentry.io/api/4508449385807872/envelope/?sentry_version=7&sentry_key=6324798c673cf01315a26377634bb817&sentry_client=sentry.javascript.nextjs%2F9.10.0"
],
"pii_detected": [
"name in POST body"
],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
Found Google Tag Manager (Google) loading from https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1. Purpose: Tag management system that can load any tracking script.
Remediation
Audit all tags in GTM container GTM-N8S3TGCP, remove unnecessary tags, ensure all tracking only fires after consent, or consider server-side tagging to reduce Google's data access.
Legal Reference
GDPR Art. 5(1)(a), ePrivacy Directive Art. 5(3)
Raw Data
{
"vendor": "Google",
"purpose": "Tag management system that can load any tracking script",
"category": "analytics",
"script_src": "https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1",
"gdpr_concern": "Container may include any number of tracking tags, often without the site owner's full awareness.",
"tracker_name": "Google Tag Manager",
"data_collected": [
"depends on configured tags"
]
}Detail
GTM container GTM-N8S3TGCP is loaded on this page. It acts as a hub that can load any number of tracking tags.
Remediation
Regularly audit your GTM container, implement GTM workspace permissions, document all active tags, and ensure change management processes for new tags.
Legal Reference
GDPR Art. 25
Raw Data
{
"container_id": "GTM-N8S3TGCP"
}Detail
1 request(s) to www.googletagmanager.com (Tag management system that can load any tracking script).
Remediation
Implement consent-gated tag loading so GTM only loads after visitor consent, or consider privacy-friendly tag management alternatives like self-hosted solutions.
Legal Reference
GDPR Art. 6, ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "www.googletagmanager.com",
"vendor": "Google",
"purpose": "Tag management system that can load any tracking script",
"sample_urls": [
"https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
Found Microsoft Clarity (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove Microsoft Clarity from Google Tag Manager or ensure it only loads AFTER visitors give explicit consent. Consider privacy-friendly alternatives like self-hosted analytics (Matomo) or basic analytics without session recording (Plausible, Fathom). If keeping Clarity, implement proper input masking and consent gating.
Legal Reference
GDPR Art. 6, Art. 13, ePrivacy Directive Art. 5(3)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "clarity\\.ms"
}Detail
Found Snapchat Pixel (Snap Inc.) loading from https://sc-static.net/scevent.min.js. Purpose: Conversion tracking for Snapchat ads.
Remediation
Remove the Snapchat Pixel code or move it behind explicit consent. Only load after visitors actively consent to advertising tracking. Consider using first-party conversion tracking or server-side events to reduce third-party data sharing.
Legal Reference
ePrivacy Directive Art. 5(3), Schrems II
Raw Data
{
"vendor": "Snap Inc.",
"purpose": "Conversion tracking for Snapchat ads",
"category": "advertising",
"script_src": "https://sc-static.net/scevent.min.js",
"gdpr_concern": "US data transfer for ad tracking.",
"tracker_name": "Snapchat Pixel",
"data_collected": [
"conversions",
"page views"
]
}Detail
1 request(s) to sc-static.net (Conversion tracking for Snapchat ads).
Remediation
Block these requests until consent is obtained. Implement consent management that prevents the Snapchat script from loading before visitors agree to advertising cookies and tracking.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 6
Raw Data
{
"domain": "sc-static.net",
"vendor": "Snap Inc.",
"purpose": "Conversion tracking for Snapchat ads",
"sample_urls": [
"https://sc-static.net/scevent.min.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
Tests which fonts are installed by measuring text rendering differences. Attributed to: https://kokkeloren.no/_next/static/chunks/2d1400c4-80e8491da2619b0b.js
Remediation
Remove the font fingerprinting code from your Next.js bundle. If you need font detection for legitimate technical purposes, use CSS font-display properties or web font loading APIs instead. Consider why this fingerprinting is necessary - most legitimate uses can be replaced with privacy-friendly alternatives.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 5(1)(a)
Raw Data
{
"technique": "font",
"match_count": 2,
"source_script": "https://kokkeloren.no/_next/static/chunks/2d1400c4-80e8491da2619b0b.js",
"patterns_matched": [
"measureText\\s*\\(.*?\\).*?width",
"fontFamily.*?(?:serif|sans-serif|monospace).*?fontFamily"
]
}