Opened 5 years ago

Last modified 9 months ago

#12847 new defect

cdn rules for bigcommerce.com

Reported by: cypherpunks Owned by: zyan
Priority: Medium Milestone:
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome Version: HTTPS-E 4.0dev14
Severity: Normal Keywords: https-everywhere rules
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

bigcommerce CDN names extend past cdn[12] and include:

cdn.bigcommerce.com
cdn1.bigcommerce.com
cdn2.bigcommerce.com
cdn3.bigcommerce.com
cdn4.bigcommerce.com

and more. A more appropriate match would be:

cdn\d*\.bigcommerce\.com$

Leaking of bigcommerce.com CDN URLs can result very detailed tracking of items people are looking to buy, purchases etc for any stores run by them. This seems to be the case even for stores that use bigcommerce.com but that use their own domain name.

Child Tickets

Change History (2)

comment:1 Changed 18 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:2 Changed 9 months ago by traumschule

Keywords: https-everywhere added; https everywhere removed
Note: See TracTickets for help on using tickets.