Script URL substrings used to detect the embeddings from the companies offering session replay services
- mc.yandex.ru/metrika/watch.js
- mc.yandex.ru/metrika/tag.js
- mc.yandex.ru/webvisor/
- fullstory.com/s/fs.js
- d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js
- ws.sessioncam.com/Record/record.asmx
- userreplay.net
- script.hotjar.com
- insights.hotjar.com/api
- clicktale.net
- smartlook.com
- decibelinsight.net
- quantummetric.com
- inspectlet.com
- mouseflow.com
- logrocket.com
- salemove.com
- d10lpsik1i8c69.cloudfront.net # luckyorange.com
Thanks for the heads up!
Let me just note that this list should not be considered as comprehensive, as explained in this comment:
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/#comment-28470