
Exfiltrating User’s Private Data Using Google Analytics to Bypass CSP - amirshk80
https://medium.com/@amirshk/exfiltrating-users-private-data-using-google-analytics-to-bypass-csp-5f91eb3b880
======
amirshk80
tl;dr; Since a lot of websites allow google-analytics.com, 3rd party
javascript code can use the fact there is no verification on the UA-ID to
exfiltrate information.

