https://otte.no/
Good privacy practices with some tracking present
5
Trackers Found
1
Cookies
16
Network Requests
6.1s
Load Time
Otte.no demonstrates surprisingly good privacy practices for a Norwegian consultancy, with minimal tracking and no behavioral analytics. However, the site has two key privacy violations: active device fingerprinting that operates without consent, and sharing visitor IP addresses with Google through font loading. The complete absence of any consent mechanism means any future tracking implementations would immediately violate GDPR.
Critical Actions:
Detail
No cookie consent mechanism was found on this page. If the site uses tracking cookies or scripts, this is likely a GDPR/ePrivacy violation.
Remediation
Install a GDPR-compliant consent management platform (CMP) like Cookiebot, OneTrust, or Klaro. Ensure all non-essential tracking only starts after explicit consent. For Norwegian companies, consider privacy-friendly alternatives like Plausible Analytics that don't require consent.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 7
Raw Data
{
"detection_attempted": true
}Detail
Found Canvas Fingerprinting (Various) in inline JavaScript.
Remediation
Remove all canvas fingerprinting code from your website immediately. If you need visitor analytics, switch to privacy-friendly alternatives like Plausible or self-hosted Matomo that don't fingerprint devices. If the fingerprinting is coming from a third-party service, contact your web developer to replace or remove that service.
Legal Reference
ePrivacy Directive Art. 5(3), GDPR Art. 6 (lawful basis), GDPR Art. 7 (consent)
Raw Data
{
"vendor": "Various",
"category": "fingerprinting",
"tracker_id": "",
"tracker_name": "Canvas Fingerprinting",
"pattern_matched": "canvas\\.toDataURL|canvas\\.toBlob|getImageData",
"detection_method": "inline_pattern"
}Detail
First-party cookie from otte.no, expires: 0 days, purpose: Cloudflare bot management cookie for identifying legitimate traffic.. Vendor: Cloudflare.
Remediation
No action required. This is a necessary security cookie that protects your website from attacks. It expires when the browser session ends and doesn't track visitors across sites.
Legal Reference
GDPR Recital 47 (legitimate security interests)
Raw Data
{
"expiry": "0 days",
"secure": true,
"vendor": "Cloudflare",
"purpose": "necessary",
"http_only": true,
"same_site": "None",
"cookie_name": "__cf_bm",
"cookie_domain": "otte.no",
"is_long_lived": false,
"is_third_party": false
}Detail
1 request(s) to fonts.googleapis.com (Web font delivery).
Remediation
Self-host the Fira Sans font files on your server. You can download them from Google Fonts and serve them directly from your domain to eliminate Google's involvement.
Legal Reference
Munich Regional Court (Jan 2022) - IP addresses as personal data
Raw Data
{
"domain": "fonts.googleapis.com",
"vendor": "Google",
"purpose": "Web font delivery",
"sample_urls": [
"https://fonts.googleapis.com/css?family=Fira+Sans%3A400%2C&display=fallback&ver=4.12.1"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"stylesheet"
]
}Raw Data
{
"domain": "fonts.gstatic.com",
"vendor": "Google",
"purpose": "Web font file delivery",
"sample_urls": [
"https://fonts.gstatic.com/s/firasans/v18/va9E4kDNxMZdWfMOD5Vvl4jL.woff2"
],
"pii_detected": [],
"request_count": 1,
"resource_types": [
"font"
]
}