Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Script URL substrings used to detect the embeddings from the companies offering session replay services

  • mc.yandex.ru/metrika/watch.js
  • mc.yandex.ru/metrika/tag.js
  • mc.yandex.ru/webvisor/
  • fullstory.com/s/fs.js
  • d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js
  • ws.sessioncam.com/Record/record.asmx
  • userreplay.net
  • script.hotjar.com
  • insights.hotjar.com/api
  • clicktale.net
  • smartlook.com
  • decibelinsight.net
  • quantummetric.com
  • inspectlet.com
  • mouseflow.com
  • logrocket.com
  • salemove.com
  • d10lpsik1i8c69.cloudfront.net # luckyorange.com
@deathping1994

This comment has been minimized.

Copy link

commented Nov 22, 2017

you forgot https://vwo.com/

@Firminator

This comment has been minimized.

Copy link

commented Nov 24, 2017

Thanks!

@monzta

This comment has been minimized.

Copy link

commented Nov 29, 2017

@deathping1994 Do you know their script URL substring?

@gunesacar

This comment has been minimized.

Copy link
Owner Author

commented Nov 30, 2017

you forgot https://vwo.com/

Thanks for the heads up!

Let me just note that this list should not be considered as comprehensive, as explained in this comment:
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/#comment-28470

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.