Hacker News new | past | comments | ask | show | jobs | submit login

One solution is to add headers that forbid all includes (and therefore all tracking):

   Content-Security-Policy: 
     default-src 'self';
     frame-src 'self';
     script-src 'self' 'unsafe-inline' 'unsafe-eval';
     style-src  'self' 'unsafe-inline';
     img-src 'self' data:



Wouldn't this break the embedded video?


Yes. The website publisher would add this CSP header to ensure that the browser only loads sub-resources come from the first-party domain. It does not prevent the publisher from writing markup that declares third-party resource loads. The header ensures that the site will "break fast". CSP headers are often more useful in sites that allow clients to write markup, however there is still utility in declaring your intention to not load third-party content in your markup.


Yeah, or as a META tag




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: