Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Script URL substrings used to detect the embeddings from the companies offering session replay services

  • mc.yandex.ru/metrika/watch.js
  • mc.yandex.ru/metrika/tag.js
  • mc.yandex.ru/webvisor/
  • fullstory.com/s/fs.js
  • d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js
  • ws.sessioncam.com/Record/record.asmx
  • userreplay.net
  • script.hotjar.com
  • insights.hotjar.com/api
  • clicktale.net
  • smartlook.com
  • decibelinsight.net
  • quantummetric.com
  • inspectlet.com
  • mouseflow.com
  • logrocket.com
  • salemove.com
  • d10lpsik1i8c69.cloudfront.net # luckyorange.com
@Firminator
Copy link

Firminator commented Nov 24, 2017

Thanks!

@monzta
Copy link

monzta commented Nov 29, 2017

@deathping1994 Do you know their script URL substring?

@gunesacar
Copy link
Author

gunesacar commented Nov 30, 2017

you forgot https://vwo.com/

Thanks for the heads up!

Let me just note that this list should not be considered as comprehensive, as explained in this comment:
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/#comment-28470

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment