https://kokkeloren.no/
Severe privacy issues requiring immediate attention
40
Trackers Found
15
Cookies
121
Network Requests
9.5s
Load Time
Kokkeløren.no has serious GDPR compliance violations with multiple tracking systems (Snapchat, Google Ads, Microsoft Clarity, HubSpot) collecting personal data without valid consent. The site's consent mechanism is fundamentally broken - tracking starts immediately before users can consent, and there's no option to reject cookies. The combination of pre-consent tracking, PII leakage to US servers, and fingerprinting techniques creates maximum regulatory exposure under current EU enforcement trends.
Critical Actions:
Detail
Found 13 tracking cookie(s) and 1 tracking request(s) BEFORE any consent interaction. This is the most common GDPR violation.
Remediation
Configure your tracking tools to only load AFTER explicit consent is given. All analytics, advertising, and marketing cookies must be blocked until visitors actively accept them. Work with your developer to implement consent-first loading.
Legal Reference
GDPR Art. 5(1)(a), ePrivacy Directive Art. 5(3)
Raw Data
{
"tracking_cookies_before_consent": 13,
"tracking_requests_before_consent": 1
}Detail
The consent banner has no visible 'reject' or 'decline' button. Under GDPR, rejecting cookies must be as easy as accepting them.
Remediation
Add a prominent 'Reject All' button that's as visible and easy to click as your 'Accept' button. The reject option must genuinely stop all non-essential tracking and be presented without dark patterns.
Legal Reference
GDPR Art. 7, Planet49 ruling, EDPB Guidelines 05/2020
Raw Data
{
"reject_button_found": false
}Detail
Found CookieBot CMP (CookieBot (Usercentrics)) loading from https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false. Purpose: Cookie consent management platform.
Remediation
Review your Cookiebot configuration to ensure it's blocking all tracking before consent and providing a genuine reject option. Consider upgrading to their latest version which better handles consent-first loading.
Legal Reference
GDPR Art. 7
Raw Data
{
"vendor": "CookieBot (Usercentrics)",
"purpose": "Cookie consent management platform",
"category": "consent",
"script_src": "https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false",
"gdpr_concern": "Consent management tool.",
"tracker_name": "CookieBot CMP",
"data_collected": [
"consent preferences"
]
}Detail
2 request(s) to consent.cookiebot.com (Cookie consent management platform).
Remediation
No action needed. These are legitimate requests for your consent management platform to work.
Raw Data
{
"domain": "consent.cookiebot.com",
"vendor": "CookieBot (Usercentrics)",
"purpose": "Cookie consent management platform",
"sample_urls": [
"https://consent.cookiebot.com/uc.js?cbid=722d4d5b-d6d6-4159-8ee4-e23e6a44b532&implementation=gtm&consentmode-dataredaction=dynamic",
"https://consent.cookiebot.com/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/cc.js?renew=false&referer=kokkeloren.no&dnt=false&init=false"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"script"
]
}Detail
Cookie consent banner powered by Custom consent banner (Custom) is present on the page.
Remediation
The banner detection is working, but focus on fixing the pre-consent tracking and adding a reject button rather than the banner appearance itself.
Legal Reference
GDPR Art. 7
Raw Data
{
"cmp": "Custom consent banner",
"vendor": "Custom"
}Detail
4 request(s) to tr.snapchat.com (unknown) — PII detected: e in POST body.
Remediation
Remove Snapchat Pixel tracking code or ensure it only loads after explicit consent. Consider if Snapchat advertising is essential for your meal kit business.
Legal Reference
GDPR Art. 6, Art. 7, ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "tr.snapchat.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://tr.snapchat.com/config/no/1d31ab17-414f-451d-8894-ae8da4c42eca.json?v=3.54.2-2603162155",
"https://tr.snapchat.com/cm/i?pid=1d31ab17-414f-451d-8894-ae8da4c42eca&u_scsid=f524038d-1244-440e-a389-d2ff1c4b724d&u_sclid=858ad9e4-2d76-4633-b8f4-d612d0a4cbf3",
"https://tr.snapchat.com/p",
"https://tr.snapchat.com/p"
],
"pii_detected": [
"e in POST body"
],
"request_count": 4,
"resource_types": [
"fetch",
"ping",
"document"
]
}Detail
1 request(s) to track-eu1.hubspot.com (unknown) — PII detected: ln (URL parameter).
Remediation
Configure HubSpot tracking to only activate after consent, or switch to privacy-friendly analytics like Plausible or self-hosted Matomo.
Legal Reference
GDPR Art. 6, Art. 13
Raw Data
{
"domain": "track-eu1.hubspot.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1920x1080&cd=24-bit&cs=UTF-8&ln=nb-no&v=1.1&a=139580736&pu=https%3A%2F%2Fkokkeloren.no%2F&t=Matkasse+fra+Kokkel%C3%B8ren&cts=1773751488607&vi=58a55e4d88a"
],
"pii_detected": [
"ln (URL parameter)"
],
"request_count": 1,
"resource_types": [
"image"
]
}Detail
Third-party cookie from sc-static.net, expires: 0 days, purpose: Unrecognized cookie.
Remediation
Identify the purpose of sc-static.net cookies, remove if unnecessary, or ensure proper consent mechanism covers all third-party cookies.
Legal Reference
GDPR Art. 13, ePrivacy Directive Art. 5(3)
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "None",
"cookie_name": "X-AB",
"cookie_domain": "sc-static.net",
"is_long_lived": false,
"is_third_party": true
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Snapchat conversion tracking cookie.. Vendor: Snap Inc..
Remediation
Configure Snapchat Pixel to only set cookies after explicit marketing consent, or remove if not essential for business.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 7
Raw Data
{
"expiry": "1 years",
"secure": false,
"vendor": "Snap Inc.",
"purpose": "marketing",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_scid",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Snapchat conversion tracking cookie (restricted).. Vendor: Snap Inc..
Remediation
Remove this secondary Snapchat tracking cookie or ensure it only sets after explicit marketing consent.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 7
Raw Data
{
"expiry": "1 years",
"secure": false,
"vendor": "Snap Inc.",
"purpose": "marketing",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_scid_r",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Raw Data
{
"expiry": "session",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "_cfuvid",
"cookie_domain": "hubspot.com",
"is_long_lived": false,
"is_third_party": true
}Detail
First-party cookie from kokkeloren.no, expires: 5 months, purpose: HubSpot visitor tracking cookie.. Vendor: HubSpot.
Remediation
Reduce HubSpot cookie lifetime or switch to privacy-friendly analytics that don't require long-term visitor tracking.
Legal Reference
GDPR Art. 5(1)(c) - data minimization
Raw Data
{
"expiry": "5 months",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hstc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 5 months, purpose: HubSpot user token for visitor identification.. Vendor: HubSpot.
Remediation
Consider if long-term visitor identification is necessary, or switch to session-based analytics that don't track individuals over time.
Legal Reference
GDPR Art. 5(1)(c) - data minimization
Raw Data
{
"expiry": "5 months",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "hubspotutk",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: session, purpose: HubSpot session reset detection.. Vendor: HubSpot.
Remediation
This is typically necessary for HubSpot functionality, ensure it's covered in privacy policy and consent mechanism.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "session",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hssrc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 0 days, purpose: HubSpot session tracking.. Vendor: HubSpot.
Remediation
Standard HubSpot cookie, ensure it's documented and covered by proper consent for marketing analytics.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "0 days",
"secure": false,
"vendor": "HubSpot",
"purpose": "analytics",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__hssc",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Review Clerk cookie settings and reduce lifetime if possible, ensure user authentication cookies are documented in privacy policy.
Legal Reference
GDPR Art. 5(1)(e) - storage limitation
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "Lax",
"cookie_name": "__client",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Consider reducing authentication cookie lifetime to match typical user session patterns (weeks rather than years).
Legal Reference
GDPR Art. 5(1)(e) - storage limitation
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__client_uat",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 1 years, purpose: Unrecognized cookie.
Remediation
Audit all authentication cookies and their purposes, reduce storage time where possible.
Legal Reference
GDPR Art. 5(1)(e) - storage limitation
Raw Data
{
"expiry": "1 years",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "__client_uat_rj7vSR9-",
"cookie_domain": "kokkeloren.no",
"is_long_lived": true,
"is_third_party": false
}Detail
First-party cookie from clerk.kokkeloren.no, expires: session, purpose: Unrecognized cookie.
Remediation
Document all technical cookies in privacy policy, ensure visitors understand what authentication cookies are set.
Raw Data
{
"expiry": "session",
"secure": true,
"vendor": "unknown",
"purpose": "unknown",
"http_only": true,
"same_site": "None",
"cookie_name": "_cfuvid",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
First-party cookie from kokkeloren.no, expires: 6 days, purpose: Unrecognized cookie.
Remediation
Identify the exact purpose of this cookie and ensure it's covered by marketing consent if related to Snapchat.
Legal Reference
GDPR Art. 13
Raw Data
{
"expiry": "6 days",
"secure": false,
"vendor": "unknown",
"purpose": "unknown",
"http_only": false,
"same_site": "Lax",
"cookie_name": "_ScCbts",
"cookie_domain": "kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Detail
4 request(s) to policy.app.cookieinformation.com (unknown).
Remediation
No action needed - this is your consent management system working properly.
Raw Data
{
"domain": "policy.app.cookieinformation.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://policy.app.cookieinformation.com/uc.js",
"https://policy.app.cookieinformation.com/cookie-data/kokkeloren.no/cabl.json",
"https://policy.app.cookieinformation.com/cookiesharingiframe.html",
"https://policy.app.cookieinformation.com/latest/66273/en.js"
],
"pii_detected": [],
"request_count": 4,
"resource_types": [
"xhr",
"script",
"document"
]
}Detail
1 request(s) to js-eu1.hs-scripts.com (unknown).
Remediation
Ensure HubSpot scripts only load after visitor consent for marketing/analytics cookies.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "js-eu1.hs-scripts.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-scripts.com/139580736.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
2 request(s) to consentcdn.cookiebot.com (unknown).
Remediation
No action needed - this is your consent management system infrastructure.
Raw Data
{
"domain": "consentcdn.cookiebot.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://consentcdn.cookiebot.com/sdk/bc-v4.min.html",
"https://consentcdn.cookiebot.com/consentconfig/722d4d5b-d6d6-4159-8ee4-e23e6a44b532/settings.json"
],
"pii_detected": [],
"request_count": 2,
"resource_types": [
"xhr",
"document"
]
}Detail
1 request(s) to kokkeloren-snack-runner.kokkeloren.workers.dev (unknown).
Remediation
No privacy action needed - internal business API calls are appropriate.
Raw Data
{
"domain": "kokkeloren-snack-runner.kokkeloren.workers.dev",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://kokkeloren-snack-runner.kokkeloren.workers.dev/user/subscription"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
1 request(s) to js-eu1.hs-banner.com (unknown).
Remediation
Configure HubSpot to only load banner/popup scripts after appropriate consent.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "js-eu1.hs-banner.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-banner.com/v2/139580736/banner.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to js-eu1.hs-analytics.net (unknown).
Remediation
Implement consent-conditional loading for all HubSpot analytics components.
Legal Reference
ePrivacy Directive Art. 5(3)
Raw Data
{
"domain": "js-eu1.hs-analytics.net",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://js-eu1.hs-analytics.net/analytics/1773741600000/139580736.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
1 request(s) to tr6.snapchat.com (unknown).
Remediation
Consolidate or remove redundant Snapchat tracking endpoints, ensure all only fire after explicit consent.
Legal Reference
GDPR Art. 5(1)(c) - data minimization
Raw Data
{
"domain": "tr6.snapchat.com",
"vendor": null,
"purpose": "unknown",
"sample_urls": [
"https://tr6.snapchat.com/p"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"ping"
]
}Detail
Found Google Ads (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove Google Ads tracking tags from Google Tag Manager container GTM-N8S3TGCP. If you need conversion tracking, implement server-side tracking or use Google's Enhanced Conversions with hashed data. Ensure any advertising tracking only loads after explicit consent.
Legal Reference
GDPR Art. 6, ePrivacy Directive Art. 5(3)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "googleadservices\\.com"
}Detail
Found DoubleClick (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove DoubleClick tracking tags from Google Tag Manager container GTM-N8S3TGCP. DoubleClick is Google's ad exchange network and should only be present if you're actively running display advertising campaigns. Implement proper consent controls if advertising tracking is necessary.
Legal Reference
GDPR Art. 6, ePrivacy Directive Art. 5(3)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "doubleclick\\.net"
}Detail
1 request(s) to pagead2.googlesyndication.com (Display advertising network).
Remediation
This appears to be conversion tracking or audience collection for Google Ads. Review your Google Tag Manager configuration to identify which tag is making these requests. Remove or configure to only fire after consent. The 'npa=1' parameter suggests non-personalized ads, which is better but still requires consent in the EU.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 6
Raw Data
{
"domain": "pagead2.googlesyndication.com",
"vendor": "Google",
"purpose": "Display advertising network",
"sample_urls": [
"https://pagead2.googlesyndication.com/ccm/collect?frm=0&ae=g&en=page_view&dl=https%3A%2F%2Fkokkeloren.no%2F&scrsrc=sgtm.kokkeloren.no&rnd=1191527141.1773751490&navt=n&npa=1&us_privacy=1---&ep.ads_data"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"fetch"
]
}Detail
2 request(s) to o463742.ingest.us.sentry.io (Error monitoring and performance tracking) — PII detected: name in POST body, ln in POST body.
Remediation
Configure Sentry to filter out PII before transmission, or switch to EU-hosted error monitoring like self-hosted Sentry or LogRocket EU. Implement data scrubbing rules to prevent names and personal identifiers from being sent.
Legal Reference
GDPR Art. 6 (lawful basis) and Schrems II
Raw Data
{
"domain": "o463742.ingest.us.sentry.io",
"vendor": "Sentry",
"purpose": "Error monitoring and performance tracking",
"sample_urls": [
"https://o463742.ingest.us.sentry.io/api/4508449385807872/envelope/?sentry_version=7&sentry_key=6324798c673cf01315a26377634bb817&sentry_client=sentry.javascript.nextjs%2F9.10.0",
"https://o463742.ingest.us.sentry.io/api/4508449385807872/envelope/?sentry_version=7&sentry_key=6324798c673cf01315a26377634bb817&sentry_client=sentry.javascript.nextjs%2F9.10.0"
],
"pii_detected": [
"name in POST body",
"ln in POST body"
],
"request_count": 2,
"resource_types": [
"fetch"
]
}Detail
Found Google Tag Manager (Google) loading from https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1. Purpose: Tag management system that can load any tracking script.
Remediation
Review your GTM container configuration to identify all active tags. Disable any unnecessary tracking tags. Consider replacing with privacy-focused tag management or direct implementation of only essential scripts.
Legal Reference
GDPR Art. 25 (data protection by design)
Raw Data
{
"vendor": "Google",
"purpose": "Tag management system that can load any tracking script",
"category": "analytics",
"script_src": "https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1",
"gdpr_concern": "Container may include any number of tracking tags, often without the site owner's full awareness.",
"tracker_name": "Google Tag Manager",
"data_collected": [
"depends on configured tags"
]
}Detail
GTM container GTM-N8S3TGCP is loaded on this page. It acts as a hub that can load any number of tracking tags.
Remediation
Log into Google Tag Manager and review all published tags in container GTM-N8S3TGCP. Document what each tag does and ensure proper consent mechanisms are in place for any tracking tags.
Legal Reference
GDPR Art. 25 (data protection by design)
Raw Data
{
"container_id": "GTM-N8S3TGCP"
}Detail
First-party cookie from clerk.kokkeloren.no, expires: 0 days, purpose: Cloudflare bot management cookie for identifying legitimate traffic.. Vendor: Cloudflare.
Remediation
Check if you have HubSpot tracking or forms integrated. If so, ensure proper consent mechanisms are in place for HubSpot's data collection. The Cloudflare cookie itself is necessary for security.
Legal Reference
GDPR Recital 47 (legitimate interests for security)
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "Cloudflare",
"purpose": "necessary",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "clerk.kokkeloren.no",
"is_long_lived": false,
"is_third_party": false
}Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "Cloudflare",
"purpose": "necessary",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "hubspot.com",
"is_long_lived": false,
"is_third_party": true
}Detail
1 request(s) to www.googletagmanager.com (Tag management system that can load any tracking script).
Remediation
This is the same Google Tag Manager issue. Address by reviewing the GTM container configuration and implementing proper consent controls for any tracking functionality.
Legal Reference
GDPR Art. 25 (data protection by design)
Raw Data
{
"domain": "www.googletagmanager.com",
"vendor": "Google",
"purpose": "Tag management system that can load any tracking script",
"sample_urls": [
"https://www.googletagmanager.com/gtm.js?id=GTM-N8S3TGCP>g_health=1"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
Found Microsoft Clarity (via GTM) reference in GTM container GTM-N8S3TGCP. This tracker may fire based on container triggers.
Remediation
Remove Microsoft Clarity from your Google Tag Manager container immediately. If you need user behavior insights, consider privacy-friendly alternatives like self-hosted analytics with aggregated heatmaps, or implement Clarity only after explicit consent with proper data masking configured.
Legal Reference
GDPR Art. 6 (lawful basis required), Art. 13 (information to users), ePrivacy Directive Art. 5(3)
Raw Data
{
"via": "raw_js_scan",
"container_id": "GTM-N8S3TGCP",
"detected_pattern": "clarity\\.ms"
}Detail
Found Snapchat Pixel (Snap Inc.) loading from https://sc-static.net/scevent.min.js. Purpose: Conversion tracking for Snapchat ads.
Remediation
Remove the Snapchat Pixel entirely, or implement it only after obtaining explicit consent through your consent management platform. Consider using privacy-friendly analytics like Plausible or Fathom instead of advertising pixels.
Legal Reference
GDPR Art. 6 (lawful basis), Art. 7 (consent), ePrivacy Directive Art. 5(3), Schrems II
Raw Data
{
"vendor": "Snap Inc.",
"purpose": "Conversion tracking for Snapchat ads",
"category": "advertising",
"script_src": "https://sc-static.net/scevent.min.js",
"gdpr_concern": "US data transfer for ad tracking.",
"tracker_name": "Snapchat Pixel",
"data_collected": [
"conversions",
"page views"
]
}Detail
1 request(s) to sc-static.net (Conversion tracking for Snapchat ads).
Remediation
This is the technical consequence of the Snapchat Pixel. Remove the pixel script to stop these automatic data transfers to Snapchat's servers, or ensure it only loads after explicit user consent.
Legal Reference
GDPR Art. 44-49 (international transfers), Schrems II ruling
Raw Data
{
"domain": "sc-static.net",
"vendor": "Snap Inc.",
"purpose": "Conversion tracking for Snapchat ads",
"sample_urls": [
"https://sc-static.net/scevent.min.js"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"script"
]
}Detail
Tests which fonts are installed by measuring text rendering differences. Attributed to: https://kokkeloren.no/_next/static/chunks/2d1400c4-80e8491da2619b0b.js
Remediation
Remove the font fingerprinting code from your Next.js application. If you need font consistency, use web fonts loaded from your CDN instead of detecting system fonts. Review your JavaScript bundles to ensure no tracking libraries are performing device fingerprinting.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 5(1)(a)
Raw Data
{
"technique": "font",
"match_count": 2,
"source_script": "https://kokkeloren.no/_next/static/chunks/2d1400c4-80e8491da2619b0b.js",
"patterns_matched": [
"measureText\\s*\\(.*?\\).*?width",
"fontFamily.*?(?:serif|sans-serif|monospace).*?fontFamily"
]
}