You can analyse your site (or a page, rather) at http://www.webpagetest.org, it will show you a waterfall graph listing all the requests being made. Based on that you can add stuff to the blacklist (or even switch to the whitelist, only allowing domains you approve off).
Hope this helps,
frank
Thanks a lot, Frank, that will help for sure *thumbs up*
Testing on one page, I got two more :
http://ib.adnxs.com/
b.scorecardresearch.com
http://ib.adnxs.com/getuid? and http://b.scorecardresearch.com/beacon.js are persistent though, they won’t go away. It looks related to ads, so I want to blacklist it. Any suggestions ?
Thanks
If a request is made from either within an iframe or from flash, wp-donottrack in it’s default setup cannot stop that.
There however is alpha-quality code in wp-donottrack which is commented out, which issues CSP headers but only when in whitelist mode. If you switch to whitelisting and if you remove the comment tags, that might (should) stop the adnxs.com-request.
Thanks, Frank …
But most are whitelisted, just a few to blacklist. Wouldn’t that mean a lot of entries in whitelist, and potentially missing something (this is what worries me) ? Blacklist I think is more efficient and safer. Maybe I just live with it for now …
it’s a difficult choice, but if you want to experiment with CSP, you’ll have to try with whitelist (due to the way CSP works, cfr. info on e.g. https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy).
Ok, noted … darn these ad/research websites …
FYI; I’m working (well, doing some r&d) to really add CSP to wp donottrack in the near future. Will still require whitelist though.
