<!doctype html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="https://developer.mozilla.org/favicon-48x48.bc390275e955dacb2e65.png"/><link rel="apple-touch-icon" href="https://developer.mozilla.org/apple-touch-icon.528534bba673c38049c2.png"/><meta name="theme-color" content="#ffffff"/><link rel="manifest" href="https://developer.mozilla.org/manifest.f42880861b394dd4dc9b.json"/><link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="MDN Web Docs"/><title>Privacy on the web | MDN</title><link rel="alternate" title="Datenschutz im Web" href="https://developer.mozilla.org/de/docs/Web/Privacy" hrefLang="de"/><link rel="alternate" title="プライバシー、権限、情報セキュリティについて" href="https://developer.mozilla.org/ja/docs/Web/Privacy" hrefLang="ja"/><link rel="alternate" title="Privacy on the web" href="https://developer.mozilla.org/en-US/docs/Web/Privacy" hrefLang="en"/><link rel="preload" as="font" type="font/woff2" href="/static/media/Inter.var.c2fe3cb2b7c746f7966a.woff2" crossorigin=""/><link rel="alternate" type="application/rss+xml" title="MDN Blog RSS Feed" href="https://developer.mozilla.org/en-US/blog/rss.xml" hrefLang="en"/><meta name="description" content="People use websites for several important tasks such as banking, shopping, entertainment, and paying their taxes. In doing so, they are required to share personal information with those sites. Users place a certain level of trust in the sites they share their data with. If that information fell into the wrong hands, it could be used to exploit users, for example by profiling them, targeting them with unwanted ads, or even stealing their identity or money."/><meta property="og:url" content="https://developer.mozilla.org/en-US/docs/Web/Privacy"/><meta property="og:title" content="Privacy on the web | MDN"/><meta property="og:type" content="website"/><meta property="og:locale" content="en_US"/><meta property="og:description" content="People use websites for several important tasks such as banking, shopping, entertainment, and paying their taxes. In doing so, they are required to share personal information with those sites. Users place a certain level of trust in the sites they share their data with. If that information fell into the wrong hands, it could be used to exploit users, for example by profiling them, targeting them with unwanted ads, or even stealing their identity or money."/><meta property="og:image" content="https://developer.mozilla.org/mdn-social-share.d893525a4fb5fb1f67a2.png"/><meta property="og:image:type" content="image/png"/><meta property="og:image:height" content="1080"/><meta property="og:image:width" content="1920"/><meta property="og:image:alt" content="The MDN Web Docs logo, featuring a blue accent color, displayed on a solid black background."/><meta property="og:site_name" content="MDN Web Docs"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:creator" content="MozDevNet"/><link rel="canonical" href="https://developer.mozilla.org/en-US/docs/Web/Privacy"/><style media="print">.article-actions-container,.document-toc-container,.language-menu,.main-menu-toggle,.on-github,.page-footer,.place,.sidebar,.top-banner,.top-navigation-main,ul.prev-next{display:none!important}.main-page-content,.main-page-content pre{padding:2px}.main-page-content pre{border-left-width:2px}</style><script src="/static/js/gtag.js" defer=""></script><script defer="" src="/static/js/main.5e889624.js"></script><link href="/static/css/main.26c64ea7.css" rel="stylesheet"/></head><body><script>if(document.body.addEventListener("load",(t=>{t.target.classList.contains("interactive")&&t.target.setAttribute("data-readystate","complete")}),{capture:!0}),window&&document.documentElement){const t={light:"#ffffff",dark:"#1b1b1b"};try{const e=window.localStorage.getItem("theme");e&&(document.documentElement.className=e,document.documentElement.style.backgroundColor=t[e]);const o=window.localStorage.getItem("nop");o&&(document.documentElement.dataset.nop=o)}catch(t){console.warn("Unable to read theme from localStorage",t)}}</script><div id="root"><ul id="nav-access" class="a11y-nav"><li><a id="skip-main" href="#content">Skip to main content</a></li><li><a id="skip-search" href="#top-nav-search-input">Skip to search</a></li><li><a id="skip-select-language" href="#languages-switcher-button">Skip to select language</a></li></ul><div class="page-wrapper category-web document-page"><div class="top-banner loading"><section class="place top container"></section></div><div class="sticky-header-container"><header class="top-navigation "><div class="container "><div class="top-navigation-wrap"><a href="/en-US/" class="logo" aria-label="MDN homepage"><svg id="mdn-docs-logo" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 694.9 104.4" style="enable-background:new 0 0 694.9 104.4" xml:space="preserve" role="img"><title>MDN Web Docs</title><path d="M40.3 0 11.7 92.1H0L28.5 0h11.8zm10.4 0v92.1H40.3V0h10.4zM91 0 62.5 92.1H50.8L79.3 0H91zm10.4 0v92.1H91V0h10.4z" class="logo-m"></path><path d="M627.9 95.6h67v8.8h-67v-8.8z" class="logo-_"></path><path d="M367 42h-4l-10.7 30.8h-5.5l-10.8-26h-.4l-10.5 26h-5.2L308.7 42h-3.8v-5.6H323V42h-6.5l6.8 20.4h.4l10.3-26h4.7l11.2 26h.5l5.7-20.3h-6.2v-5.6H367V42zm34.9 20c-.4 3.2-2 5.9-4.7 8.2-2.8 2.3-6.5 3.4-11.3 3.4-5.4 0-9.7-1.6-13.1-4.7-3.3-3.2-5-7.7-5-13.7 0-5.7 1.6-10.3 4.7-14s7.4-5.5 12.9-5.5c5.1 0 9.1 1.6 11.9 4.7s4.3 6.9 4.3 11.3c0 1.5-.2 3-.5 4.7h-25.6c.3 7.7 4 11.6 10.9 11.6 2.9 0 5.1-.7 6.5-2 1.5-1.4 2.5-3 3-4.9l6 .9zM394 51.3c.2-2.4-.4-4.7-1.8-6.9s-3.8-3.3-7-3.3c-3.1 0-5.3 1-6.9 3-1.5 2-2.5 4.4-2.8 7.2H394zm51 2.4c0 5-1.3 9.5-4 13.7s-6.9 6.2-12.7 6.2c-6 0-10.3-2.2-12.7-6.7-.1.4-.2 1.4-.4 2.9s-.3 2.5-.4 2.9h-7.3c.3-1.7.6-3.5.8-5.3.3-1.8.4-3.7.4-5.5V22.3h-6v-5.6H416v27c1.1-2.2 2.7-4.1 4.7-5.7 2-1.6 4.8-2.4 8.4-2.4 4.6 0 8.4 1.6 11.4 4.7 3 3.2 4.5 7.6 4.5 13.4zm-7.7.6c0-4.2-1-7.4-3-9.5-2-2.2-4.4-3.3-7.4-3.3-3.4 0-6 1.2-8 3.7-1.9 2.4-2.9 5-3 7.7V57c0 3 1 5.6 3 7.7s4.5 3.1 7.6 3.1c3.6 0 6.3-1.3 8.1-3.9 1.8-2.7 2.7-5.9 2.7-9.6zm69.2 18.5h-13.2v-7.2c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 12.8-6.2 5.7 0 9.8 2.2 12.3 6.5V22.3h-8.6v-5.6h15.8v50.6h6v5.5zM493.2 56v-4.4c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm53.1-1.4c0 5.6-1.8 10.2-5.3 13.7s-8.2 5.3-13.9 5.3-10.1-1.7-13.4-5.1c-3.3-3.4-5-7.9-5-13.5 0-5.3 1.6-9.9 4.7-13.7 3.2-3.8 7.9-5.7 14.2-5.7s11 1.9 14.1 5.7c3 3.7 4.6 8.1 4.6 13.3zm-7.7-.2c0-4-1-7.2-3-9.5s-4.8-3.5-8.2-3.5c-3.6 0-6.4 1.2-8.3 3.7s-2.9 5.6-2.9 9.5c0 3.7.9 6.8 2.8 9.4 1.9 2.6 4.6 3.9 8.3 3.9 3.6 0 6.4-1.3 8.4-3.8 1.9-2.6 2.9-5.8 2.9-9.7zm45 5.8c-.4 3.2-1.9 6.3-4.4 9.1-2.5 2.9-6.4 4.3-11.8 4.3-5.2 0-9.4-1.6-12.6-4.8-3.2-3.2-4.8-7.7-4.8-13.7 0-5.5 1.6-10.1 4.7-13.9 3.2-3.8 7.6-5.7 13.2-5.7 2.3 0 4.6.3 6.7.8 2.2.5 4.2 1.5 6.2 2.9l1.5 9.5-5.9.7-1.3-6.1c-2.1-1.2-4.5-1.8-7.2-1.8-3.5 0-6.1 1.2-7.7 3.7-1.7 2.5-2.5 5.7-2.5 9.6 0 4.1.9 7.3 2.7 9.5 1.8 2.3 4.4 3.4 7.8 3.4 5.2 0 8.2-2.9 9.2-8.8l6.2 1.3zm34.7 1.9c0 3.6-1.5 6.5-4.6 8.5s-7 3-11.7 3c-5.7 0-10.6-1.2-14.6-3.6l1.2-8.8 5.7.6-.2 4.7c1.1.5 2.3.9 3.6 1.1s2.6.3 3.9.3c2.4 0 4.5-.4 6.5-1.3 1.9-.9 2.9-2.2 2.9-4.1 0-1.8-.8-3.1-2.3-3.8s-3.5-1.3-5.8-1.7-4.6-.9-6.9-1.4c-2.3-.6-4.2-1.6-5.7-2.9-1.6-1.4-2.3-3.5-2.3-6.3 0-4.1 1.5-6.9 4.6-8.5s6.4-2.4 9.9-2.4c2.6 0 5 .3 7.2.9 2.2.6 4.3 1.4 6.1 2.4l.8 8.8-5.8.7-.8-5.7c-2.3-1-4.7-1.6-7.2-1.6-2.1 0-3.7.4-5.1 1.1-1.3.8-2 2-2 3.8 0 1.7.8 2.9 2.3 3.6 1.5.7 3.4 1.2 5.7 1.6 2.2.4 4.5.8 6.7 1.4 2.2.6 4.1 1.6 5.7 3 1.4 1.6 2.2 3.7 2.2 6.6zM197.6 73.2h-17.1v-5.5h3.8V51.9c0-3.7-.7-6.3-2.1-7.9-1.4-1.6-3.3-2.3-5.7-2.3-3.2 0-5.6 1.1-7.2 3.4s-2.4 4.6-2.5 6.9v15.6h6v5.5h-17.1v-5.5h3.8V51.9c0-3.8-.7-6.4-2.1-7.9-1.4-1.5-3.3-2.3-5.6-2.3-3.2 0-5.5 1.1-7.2 3.3-1.6 2.2-2.4 4.5-2.5 6.9v15.8h6.9v5.5h-20.2v-5.5h6V42.4h-6.1v-5.6h13.4v6.4c1.2-2.1 2.7-3.8 4.7-5.2 2-1.3 4.4-2 7.3-2s5.3.7 7.5 2.1c2.2 1.4 3.7 3.5 4.5 6.4 1.1-2.5 2.7-4.5 4.9-6.1s4.8-2.4 7.9-2.4c3.5 0 6.5 1.1 8.9 3.3s3.7 5.6 3.7 10.2v18.2h6.1v5.5zm42.5 0h-13.2V66c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 12.8-6.2s9.8 2.2 12.3 6.5V22.7h-8.6v-5.6h15.8v50.6h6v5.5zm-13.3-16.8V52c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm61.5 16.8H269v-5.5h6V51.9c0-3.7-.7-6.3-2.2-7.9-1.4-1.6-3.4-2.3-5.7-2.3-3.1 0-5.6 1-7.4 3s-2.8 4.4-2.9 7v15.9h6v5.5h-19.3v-5.5h6V42.4h-6.2v-5.6h13.6V43c2.6-4.6 6.8-6.9 12.7-6.9 3.6 0 6.7 1.1 9.2 3.3s3.7 5.6 3.7 10.2v18.2h6v5.4h-.2z" class="logo-text"></path></svg></a><button title="Open main menu" type="button" class="button action has-icon main-menu-toggle" aria-haspopup="menu" aria-label="Open main menu" aria-expanded="false"><span class="button-wrap"><span class="icon icon-menu "></span><span class="visually-hidden">Open main menu</span></span></button></div><div class="top-navigation-main"><nav class="main-nav" aria-label="Main menu"><ul class="main-menu nojs"><li class="top-level-entry-container active"><button type="button" id="references-button" class="top-level-entry menu-toggle" aria-controls="references-menu" aria-expanded="false">References</button><a href="/en-US/docs/Web" class="top-level-entry">References</a><ul id="references-menu" class="submenu references hidden inline-submenu-lg" aria-labelledby="references-button"><li class="apis-link-container mobile-only "><a href="/en-US/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li><li class="html-link-container "><a href="/en-US/docs/Web/HTML" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Structure of content on the web</p></div></a></li><li class="css-link-container "><a href="/en-US/docs/Web/CSS" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Code used to describe document style</p></div></a></li><li class="javascript-link-container "><a href="/en-US/docs/Web/JavaScript" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">General-purpose scripting language</p></div></a></li><li class="http-link-container "><a href="/en-US/docs/Web/HTTP" class="submenu-item "><div class="submenu-icon http"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP</div><p class="submenu-item-description">Protocol for transmitting web resources</p></div></a></li><li class="apis-link-container "><a href="/en-US/docs/Web/API" class="submenu-item "><div class="submenu-icon apis"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web APIs</div><p class="submenu-item-description">Interfaces for building web applications</p></div></a></li><li class="apis-link-container "><a href="/en-US/docs/Mozilla/Add-ons/WebExtensions" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Extensions</div><p class="submenu-item-description">Developing extensions for web browsers</p></div></a></li><li class="apis-link-container desktop-only "><a href="/en-US/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="guides-button" class="top-level-entry menu-toggle" aria-controls="guides-menu" aria-expanded="false">Guides</button><a href="/en-US/docs/Learn" class="top-level-entry">Guides</a><ul id="guides-menu" class="submenu guides hidden inline-submenu-lg" aria-labelledby="guides-button"><li class="apis-link-container mobile-only "><a href="/en-US/docs/Learn" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="apis-link-container desktop-only "><a href="/en-US/docs/Learn" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="html-link-container "><a href="/en-US/docs/Learn/HTML" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Learn to structure web content with HTML</p></div></a></li><li class="css-link-container "><a href="/en-US/docs/Learn/CSS" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Learn to style content using CSS</p></div></a></li><li class="javascript-link-container "><a href="/en-US/docs/Learn/JavaScript" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">Learn to run scripts in the browser</p></div></a></li><li class=" "><a href="/en-US/docs/Web/Accessibility" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Accessibility</div><p class="submenu-item-description">Learn to make the web accessible to all</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="mdn-plus-button" class="top-level-entry menu-toggle" aria-controls="mdn-plus-menu" aria-expanded="false">Plus</button><a href="/en-US/plus" class="top-level-entry">Plus</a><ul id="mdn-plus-menu" class="submenu mdn-plus hidden inline-submenu-lg" aria-labelledby="mdn-plus-button"><li class=" "><a href="/en-US/plus" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview</div><p class="submenu-item-description">A customized MDN experience</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li><li class=" "><a href="/en-US/plus/updates" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Updates</div><p class="submenu-item-description">All browser compatibility updates at a glance</p></div></a></li><li class=" "><a href="/en-US/plus/docs/features/overview" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Documentation</div><p class="submenu-item-description">Learn how to use MDN Plus</p></div></a></li><li class=" "><a href="/en-US/plus/docs/faq" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">FAQ</div><p class="submenu-item-description">Frequently asked questions about MDN Plus</p></div></a></li></ul></li><li class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/curriculum/">Curriculum <sup class="new">New</sup></a></li><li class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/blog/">Blog</a></li><li class="top-level-entry-container "><button type="button" id="tools-button" class="top-level-entry menu-toggle" aria-controls="tools-menu" aria-expanded="false">Tools</button><ul id="tools-menu" class="submenu tools hidden inline-submenu-lg" aria-labelledby="tools-button"><li class=" "><a href="/en-US/play" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Playground</div><p class="submenu-item-description">Write, test and share your code</p></div></a></li><li class=" "><a href="/en-US/observatory" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP Observatory</div><p class="submenu-item-description">Scan a website for free</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li></ul></li></ul></nav><div class="header-search"><form action="/en-US/search" class="search-form search-widget" id="top-nav-search-form" role="search"><label id="top-nav-search-label" for="top-nav-search-input" class="visually-hidden">Search MDN</label><input aria-activedescendant="" aria-autocomplete="list" aria-controls="top-nav-search-menu" aria-expanded="false" aria-labelledby="top-nav-search-label" autoComplete="off" id="top-nav-search-input" role="combobox" type="search" class="search-input-field" name="q" placeholder="   " required="" value=""/><button type="button" class="button action has-icon clear-search-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear search input</span></span></button><button type="submit" class="button action has-icon search-button"><span class="button-wrap"><span class="icon icon-search "></span><span class="visually-hidden">Search</span></span></button><div id="top-nav-search-menu" role="listbox" aria-labelledby="top-nav-search-label"></div></form></div><div class="theme-switcher-menu"><button type="button" class="button action has-icon theme-switcher-menu small" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-theme-os-default "></span>Theme</span></button></div><ul class="auth-container"><li><a href="/users/fxa/login/authenticate/?next=%2Fen-US%2Fdocs%2FWeb%2FPrivacy" class="login-link" rel="nofollow">Log in</a></li><li><a href="/users/fxa/login/authenticate/?next=%2Fen-US%2Fdocs%2FWeb%2FPrivacy" target="_self" rel="nofollow" class="button primary mdn-plus-subscribe-link"><span class="button-wrap">Sign up for free</span></a></li></ul></div></div></header><div class="article-actions-container"><div class="container"><button type="button" class="button action has-icon sidebar-button" aria-label="Expand sidebar" aria-expanded="false" aria-controls="sidebar-quicklinks"><span class="button-wrap"><span class="icon icon-sidebar "></span></span></button><nav class="breadcrumbs-container" aria-label="Breadcrumb"><ol typeof="BreadcrumbList" vocab="https://schema.org/" aria-label="breadcrumbs"><li property="itemListElement" typeof="ListItem"><a href="/en-US/docs/Web" class="breadcrumb" property="item" typeof="WebPage"><span property="name">References</span></a><meta property="position" content="1"/></li><li property="itemListElement" typeof="ListItem"><a href="/en-US/docs/Web/Privacy" class="breadcrumb-current-page" property="item" typeof="WebPage"><span property="name">Privacy on the web</span></a><meta property="position" content="2"/></li></ol></nav><div class="article-actions"><button type="button" class="button action has-icon article-actions-toggle" aria-label="Article actions"><span class="button-wrap"><span class="icon icon-ellipses "></span><span class="article-actions-dialog-heading">Article Actions</span></span></button><ul class="article-actions-entries"><li class="article-actions-entry"><div class="languages-switcher-menu open-on-focus-within"><button id="languages-switcher-button" type="button" class="button action small has-icon languages-switcher-menu" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-language "></span>English (US)</span></button><div class="hidden"><ul class="submenu language-menu " aria-labelledby="language-menu-button"><li class=" "><form class="submenu-item locale-redirect-setting"><div class="group"><label class="switch"><input type="checkbox" name="locale-redirect"/><span class="slider"></span><span class="label">Remember language</span></label><a href="https://github.com/orgs/mdn/discussions/739" rel="external noopener noreferrer" target="_blank" title="Enable this setting to automatically switch to this language when it&#x27;s available. (Click to learn more.)"><span class="icon icon-question-mark "></span></a></div></form></li><li class=" "><a data-locale="de" href="/de/docs/Web/Privacy" class="button submenu-item"><span>Deutsch</span><span title="Diese Übersetzung ist Teil eines Experiments."><span class="icon icon-experimental "></span></span></a></li><li class=" "><a data-locale="ja" href="/ja/docs/Web/Privacy" class="button submenu-item"><span>日本語</span></a></li></ul></div></div></li></ul></div></div></div></div><div class="main-wrapper"><div class="sidebar-container"><aside id="sidebar-quicklinks" class="sidebar"><button type="button" class="button action backdrop" aria-label="Collapse sidebar"><span class="button-wrap"></span></button><nav aria-label="Related Topics" class="sidebar-inner"><header class="sidebar-actions"><section class="sidebar-filter-container"><div class="sidebar-filter "><label id="sidebar-filter-label" class="sidebar-filter-label" for="sidebar-filter-input"><span class="icon icon-filter"></span><span class="visually-hidden">Filter sidebar</span></label><input id="sidebar-filter-input" autoComplete="off" class="sidebar-filter-input-field false" type="text" placeholder="Filter" value=""/><button type="button" class="button action has-icon clear-sidebar-filter-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear filter input</span></span></button></div></section></header><div class="sidebar-inner-nav"><div class="in-nav-toc"><div class="document-toc-container"><section class="document-toc"><header><h2 class="document-toc-heading">In this article</h2></header><ul class="document-toc-list"><li class="document-toc-item "><a class="document-toc-link" href="#defining_privacy_terms_and_concepts">Defining privacy terms and concepts</a></li><li class="document-toc-item "><a class="document-toc-link" href="#privacy_features_provided_by_browsers">Privacy features provided by browsers</a></li><li class="document-toc-item "><a class="document-toc-link" href="#privacy_considerations_for_client-side_developers">Privacy considerations for client-side developers</a></li><li class="document-toc-item "><a class="document-toc-link" href="#collect_data_ethically">Collect data ethically</a></li><li class="document-toc-item "><a class="document-toc-link" href="#cut_down_on_tracking">Cut down on tracking</a></li><li class="document-toc-item "><a class="document-toc-link" href="#carefully_manage_third-party_resources">Carefully manage third-party resources</a></li><li class="document-toc-item "><a class="document-toc-link" href="#protect_user_data">Protect user data</a></li><li class="document-toc-item "><a class="document-toc-link" href="#see_also">See also</a></li></ul></section></div></div><div class="sidebar-body"><ul><li><a href="/en-US/docs/Web/Privacy/Firefox_tracking_protection">Firefox tracking protection</a></li><li><a href="/en-US/docs/Web/Privacy/Privacy_sandbox">Privacy sandbox</a><ul><li><a href="/en-US/docs/Web/Privacy/Privacy_sandbox/Enrollment">Privacy sandbox enrollment</a></li><li><a href="/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies">Cookies Having Independent Partitioned State (CHIPS)</a></li></ul></li><li><a href="/en-US/docs/Web/Privacy/Redirect_tracking_protection">Redirect tracking protection</a></li><li><a href="/en-US/docs/Web/Privacy/State_Partitioning">State Partitioning</a></li><li><a href="/en-US/docs/Web/Privacy/Storage_Access_Policy">Storage access policy: Block cookies from trackers</a><ul><li><a href="/en-US/docs/Web/Privacy/Storage_Access_Policy/Errors">Errors</a></li></ul></li><li><a href="/en-US/docs/Web/Privacy/Third-party_cookies">Third-party cookies</a></li></ul></div></div><section class="place side"></section></nav></aside><div class="toc-container"><aside class="toc"><nav><div class="document-toc-container"><section class="document-toc"><header><h2 class="document-toc-heading">In this article</h2></header><ul class="document-toc-list"><li class="document-toc-item "><a class="document-toc-link" href="#defining_privacy_terms_and_concepts">Defining privacy terms and concepts</a></li><li class="document-toc-item "><a class="document-toc-link" href="#privacy_features_provided_by_browsers">Privacy features provided by browsers</a></li><li class="document-toc-item "><a class="document-toc-link" href="#privacy_considerations_for_client-side_developers">Privacy considerations for client-side developers</a></li><li class="document-toc-item "><a class="document-toc-link" href="#collect_data_ethically">Collect data ethically</a></li><li class="document-toc-item "><a class="document-toc-link" href="#cut_down_on_tracking">Cut down on tracking</a></li><li class="document-toc-item "><a class="document-toc-link" href="#carefully_manage_third-party_resources">Carefully manage third-party resources</a></li><li class="document-toc-item "><a class="document-toc-link" href="#protect_user_data">Protect user data</a></li><li class="document-toc-item "><a class="document-toc-link" href="#see_also">See also</a></li></ul></section></div></nav></aside><section class="place side"></section></div></div><main id="content" class="main-content "><article class="main-page-content" lang="en-US"><header><h1>Privacy on the web</h1></header><div class="section-content"><p>People use websites for several important tasks such as banking, shopping, entertainment, and paying their taxes. In doing so, they are required to share personal information with those sites. Users place a certain level of trust in the sites they share their data with. If that information fell into the wrong hands, it could be used to exploit users, for example by profiling them, targeting them with unwanted ads, or even stealing their identity or money.</p> <p>Modern browsers already have a wealth of features to protect users' privacy on the web, but that's not enough. To create a trustworthy and privacy-respecting experience, developers need to educate their site users in good practices (and enforce them). Developers should also create sites that collect as little data from users as possible, use the data responsibly, and transport and store it securely.</p> <p>In this article, we:</p> <ul> <li>Define privacy and important related terms.</li> <li>Examine browser features that automatically protect user privacy.</li> <li>Look at what developers can do to create privacy-respecting web content that minimizes the risk of users' personal information/data being obtained unexpectedly by third parties.</li> </ul></div><section aria-labelledby="defining_privacy_terms_and_concepts"><h2 id="defining_privacy_terms_and_concepts"><a href="#defining_privacy_terms_and_concepts">Defining privacy terms and concepts</a></h2><div class="section-content"><p>Before we look at the various privacy and security features available to use on the web, let's define some important terms.</p></div></section><section aria-labelledby="privacy_and_its_relationship_with_security"><h3 id="privacy_and_its_relationship_with_security"><a href="#privacy_and_its_relationship_with_security">Privacy and its relationship with security</a></h3><div class="section-content"><p>It is hard to talk about privacy without also talking about security — they are closely related, and you can't really create privacy-respecting websites without good security. Therefore, we shall define both.</p> <ul> <li> <p><strong>Privacy</strong> refers to the act of giving users the right to control how their data is collected, stored, and used, and not using it irresponsibly. For example, you should clearly communicate to your users what data you are collecting, who it will be shared with, and how it will be used. Users must be given a chance to consent to your terms of data usage, have access to all of their data that you are storing, and delete it if they no longer wish you to have it. You must also comply with your own terms: nothing erodes user trust like having their data used and shared in ways they never consented to. And this isn't just ethically wrong; it could be against the law. Many parts of the world now have legislation that protects consumer privacy rights (for example the EU's <a href="https://gdpr.eu/" class="external" target="_blank">GDPR</a>).</p> </li> <li> <p><strong>Security</strong> is the act of keeping private data and systems protected against unauthorized access. This includes both company (internal) data, and user and partner (external) data. It is no use having a robust privacy policy that makes your users trust you if your security is weak and malicious parties can steal their data anyway.</p> </li> </ul></div></section><section aria-labelledby="personal_and_private_information"><h3 id="personal_and_private_information"><a href="#personal_and_private_information">Personal and private information</a></h3><div class="section-content"><p><strong>Personal information</strong> is any information that describes a user. Examples include:</p> <ul> <li>Physical attributes such as height, gender expression, weight, hair color, or age</li> <li>Postal address, email address, phone number, or other contact information</li> <li>Passport number, bank account, credit card, social security number, or other official identifiers</li> <li>Health information such as medical history, allergies, or ongoing conditions</li> <li>Usernames and passwords</li> <li>Hobbies, interests, or other personal preferences</li> <li>Biometric data such as fingerprints or facial recognition data</li> </ul> <p><strong>Private information</strong> is any information that users do not want shared publicly and must be kept private (i.e., information that is accessible only by a certain group of authorized users). Some private data is private by law (for example medical data), and some is private more by personal preference.</p></div></section><section aria-labelledby="personally_identifiable_information"><h3 id="personally_identifiable_information"><a href="#personally_identifiable_information">Personally identifiable information</a></h3><div class="section-content"><p>Following on from the above section, <strong>personally identifiable information</strong> (PII) is information that can be used, in whole or in part, to track down and/or identify a specific person. For example, if a site leaks a list of users' names and zip codes online, a bad actor could almost certainly use this information to find their full addresses. Even if a full-scale leak does not happen, it is still possible to identify users through less obvious means, such as the browsers they are using, the devices they are using, specific fonts they have installed, and so on.</p></div></section><section aria-labelledby="tracking"><h3 id="tracking"><a href="#tracking">Tracking</a></h3><div class="section-content"><p><strong>Tracking</strong> refers to the process of recording a user's activity across many different websites. This can be done in various ways, for example:</p> <ul> <li>Looking at multiple <a href="/en-US/docs/Web/Privacy/Third-party_cookies">third-party cookies</a> set across different sites where third-party content is embedded to find out various information points about the user.</li> <li>Looking at the <a href="/en-US/docs/Web/HTTP/Headers/Referer"><code>Referer</code></a> header to see where a user has navigated from.</li> <li>Including parameters on the URLs of inbound links (for example in embedded ads linking to product pages, or marketing emails) that can reveal to the linked site where the link originated from, what marketing campaign it is part of, the email address or other identifier of the user that clicked on it, etc. This process is referred to as <strong>link decorating</strong>, and results in link URLs that look like this: <code>https://example.com/article/?id=62yhgt1a&amp;campaign=902</code>.</li> <li>Redirect tracking, which involves trackers momentarily (and imperceptibly) redirecting a user to their website to use first-party storage to track that user across websites. This allows trackers to get around third-party cookies being blocked. For example, if you have read a product review and want to click through to buy it, you might unwittingly navigate to the redirect tracker first, <em>then</em> to the retailer. This means the tracker is loaded as a first party, and can associate tracking data with the identifiers they have stored in their first-party cookies before forwarding you to the retailer.</li> </ul> <p>Tracking data can be used to build a profile of a user and their interests and preferences, which is usually bad and can be annoying to various degrees. For example:</p> <ul> <li><strong>Targeted ads</strong>: Everyone has had the unnerving experience of researching some items to buy on one device and then suddenly being bombarded by adverts for the same products on all their other devices.</li> <li><strong>Selling or sharing data</strong>: Some third parties have been known to compile tracking data and then sell it to/share it with others to use for various purposes, like targeted ads. This is obviously highly unethical and may also be illegal, depending on where in the world it happens.</li> <li><strong>Prejudice via data</strong>: In the worst cases, sharing data could result in the user being unfairly disadvantaged. For example, imagine an insurance company finding out data points about a potential customer that they didn't consent to share, and using them as a justification for increasing insurance premiums.</li> </ul></div></section><section aria-labelledby="fingerprinting"><h3 id="fingerprinting"><a href="#fingerprinting">Fingerprinting</a></h3><div class="section-content"><p>A process very closely related to tracking is <strong>fingerprinting</strong>: this specifically refers to <em>identifying</em> users by building up a store of data points about them that differentiate them from other users. This could be anything from cookie contents to what browser they are using and what fonts they have installed locally.</p> <p>Modern browsers take steps to help prevent fingerprinting-based attacks by either not allowing information to be accessed or, where the information must be made available, by introducing variations or "noise" that prevent it from being used for identification purposes.</p> <p>For example, if a website queries a user's browser for the elapsed time, a comparison of that time to the time reported by the server might be useful as a factor in fingerprinting. Because of this, browsers typically introduce a small amount of variability to timers to make them less useful for identifying the user's system.</p> <div class="notecard note"> <p><strong>Note:</strong> See <a href="https://web.dev/learn/privacy/fingerprinting/" class="external" target="_blank">Fingerprinting</a> on web.dev for additional useful information.</p> </div></div></section><section aria-labelledby="privacy_features_provided_by_browsers"><h2 id="privacy_features_provided_by_browsers"><a href="#privacy_features_provided_by_browsers">Privacy features provided by browsers</a></h2><div class="section-content"><p>Browser vendors are aware of the need to protect user privacy and the negative effects of tracking, fingerprinting, etc., on user experience. To this end, they have implemented various features that enhance privacy protection and/or mitigate threats. In this section, we look at different categories of privacy protection that browsers apply automatically.</p></div></section><section aria-labelledby="https_by_default"><h3 id="https_by_default"><a href="#https_by_default">HTTPS by default</a></h3><div class="section-content"><p><a href="/en-US/docs/Web/Security/Transport_Layer_Security">Transport Layer Security (TLS)</a> provides security and privacy by encrypting data during transport over the network and is the technology behind the <a href="/en-US/docs/Glossary/HTTPS">HTTPS</a> protocol. TLS is good for privacy because it stops third parties from being able to intercept transmitted data and use it maliciously, for example for tracking.</p> <p>All browsers are moving towards requiring HTTPS by default; this is practically the case already because you can't do much on the web without this protocol.</p> <p>Related topics are as follows:</p> <dl> <dt id="certificate_transparency"><a href="/en-US/docs/Web/Security/Certificate_Transparency">Certificate Transparency</a></dt> <dd> <p>An open standard for monitoring and auditing certificates, creating a database of public logs that can be used to help identify incorrect or malicious certificates.</p> </dd> <dt id="http_strict_transport_security_hsts"><a href="/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security">HTTP Strict Transport Security (HSTS)</a></dt> <dd> <p>HSTS is used by servers to let them protect themselves from protocol downgrade and cookie hijack attacks by letting sites tell clients that they can only use HTTPS to communicate with the server.</p> </dd> <dt id="http2"><a href="/en-US/docs/Glossary/HTTP_2">HTTP/2</a></dt> <dd> <p>While HTTP/2 technically does not <em>have</em> to use encryption, most browser developers support it only when used with HTTPS; so in that regard, it can be thought of as a feature to enhance security/privacy.</p> </dd> </dl></div></section><section aria-labelledby="opt-in_for_powerful_features"><h3 id="opt-in_for_powerful_features"><a href="#opt-in_for_powerful_features">Opt-in for "powerful features"</a></h3><div class="section-content"><p>So-called "powerful" web API features that provide access to potentially sensitive data and operations are available only in <a href="/en-US/docs/Web/Security/Secure_Contexts">secure contexts</a>, which basically means HTTPS-only. Not only that, but these web features are gated behind a system of user permissions. Users have to explicitly opt in to features like allowing notifications, accessing geolocation data, making the browser go into fullscreen mode, accessing media streams from webcams, using web payments, etc.</p></div></section><section aria-labelledby="anti-tracking_technology"><h3 id="anti-tracking_technology"><a href="#anti-tracking_technology">Anti-tracking technology</a></h3><div class="section-content"><p>Browsers have implemented several anti-tracking features that automatically enhance their users' privacy protection. Many of these block or limit the ability of third-party sites embedded in <a href="/en-US/docs/Web/HTML/Element/iframe"><code>&lt;iframe&gt;</code></a>s to access cookies set on the top-level domain, run tracking scripts, etc.</p> <ul> <li>The <a href="/en-US/docs/Web/HTTP/Headers/Set-Cookie"><code>Set-Cookie</code></a> header <a href="/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value"><code>SameSite</code></a> attribute's default value has been updated to <code>Lax</code>, to provide better protection against tracking and <a href="/en-US/docs/Glossary/CSRF">CSRF</a> attacks. See <a href="/en-US/docs/Web/HTTP/Cookies#controlling_third-party_cookies_with_samesite">Controlling third-party cookies with <code>SameSite</code></a> for more information.</li> <li>Browsers have all started to block third-party cookies by default. See <a href="/en-US/docs/Web/Privacy/Third-party_cookies#how_do_browsers_handle_third-party_cookies">How do browsers handle third-party cookies?</a> for more details.</li> <li>Browsers are implementing technologies to allow third-party cookies only in certain circumstances that do not damage privacy, or to implement common use cases that currently require third-party cookies in alternative ways. See <a href="/en-US/docs/Web/Privacy/Third-party_cookies#transitioning_from_third-party_cookies">Transitioning from third-party cookies</a> and <a href="/en-US/docs/Web/Privacy/Third-party_cookies#replacing_third-party_cookies">Replacing third-party cookies</a>.</li> <li>Several browsers strip out known tracking parameters from URLs — this includes Firefox, Safari, and Brave. Browser extensions also help to do this, for example <a href="https://addons.mozilla.org/en-GB/firefox/addon/clearurls/" class="external" target="_blank">ClearURLs</a>.</li> <li>Browsers have implemented <a href="/en-US/docs/Web/Privacy/Redirect_tracking_protection">redirect tracking protection</a>.</li> </ul></div></section><section aria-labelledby="privacy_considerations_for_client-side_developers"><h2 id="privacy_considerations_for_client-side_developers"><a href="#privacy_considerations_for_client-side_developers">Privacy considerations for client-side developers</a></h2><div class="section-content"><p>There are several actions web developers can and should take to improve privacy for their users. The below sections discuss the most important ones. Some of the categories are not purely technical tasks as such and will involve collaboration with other team members.</p></div></section><section aria-labelledby="collect_data_ethically"><h2 id="collect_data_ethically"><a href="#collect_data_ethically">Collect data ethically</a></h2><div class="section-content"><p>Companies collect lots of different data from their users for a variety of different reasons:</p> <ul> <li>Usernames, passwords, emails, etc. for authentication purposes.</li> <li>Emails, postal addresses, and phone numbers for communication.</li> <li>Age, gender, geographical location, favorite pastimes, and a host of other PII for anything from site personalization to customer satisfaction surveys.</li> <li>Browsing habits on their sites and other sites, to measure page and feature success metrics.</li> <li>And so much more.</li> </ul> <p>When collecting data from your customers, you have an opportunity to behave with integrity, show them that you are trustworthy, and build a great relationship with them, in turn, improving your brand and your chance of success.</p> <p>The ethics of data collection can be broken down into three simple principles:</p> <ul> <li>Don't collect more data than you need</li> <li>Communicate clearly how you are going to use the data you collect</li> <li>Delete the data once you have finished with it</li> </ul> <div class="notecard note"> <p><strong>Note:</strong> The tips provided below make for a better, more privacy-aware user experience, but many of them are required by law to comply with regulations, for example the <a href="https://gdpr.eu/" class="external" target="_blank">GDPR</a> in the EU. You should make sure to find out what regulations apply to you in your locale, and what you need to do to comply with them.</p> </div></div></section><section aria-labelledby="dont_collect_more_data_than_you_need"><h3 id="dont_collect_more_data_than_you_need"><a href="#dont_collect_more_data_than_you_need">Don't collect more data than you need</a></h3><div class="section-content"><p>It is tempting to ask for a lot of data from your users because you think it might be useful in the future. However, every bit of extra data you collect adds risk to your users' privacy and increases the chance that they will abandon the step they are performing (whether it is filling out a survey or signing up for a service).</p> <p>It is good to anonymize data. You should also consider whether you can get what you need by making your data request less granular. As an example, instead of asking a user their favorite products, you could ask them to select between more general categories.</p> <p>The best way to protect user privacy though, is to minimize the data you collect. Referring to the previous example, you could infer the same data by looking at user purchase history. As another example, users appreciate being able to buy products anonymously. You shouldn't force them to sign up for an account; if it's not necessary for the service to operate, it should be their choice.</p></div></section><section aria-labelledby="communicate_clearly_how_you_are_going_to_use_the_data_you_collect"><h3 id="communicate_clearly_how_you_are_going_to_use_the_data_you_collect"><a href="#communicate_clearly_how_you_are_going_to_use_the_data_you_collect">Communicate clearly how you are going to use the data you collect</a></h3><div class="section-content"><p>Once you have decided what data you are going to collect, you should publish a privacy policy on your site that clearly states:</p> <ul> <li>Data that you collect</li> <li>Ways in which you use the data</li> <li>Parties with whom you tend to share the data, if at all, and a declaration that you will ask for user consent before sharing</li> <li>The duration for which you keep the data before it is deleted</li> <li>Ways in which users can view the data you have collected from them and delete it if they want to</li> </ul> <p>When providing you with data, your users should be given an opportunity to read your privacy policy, and consent to it. They should be able to control if they are happy with this and agree to your terms. And as indicated above, they should also get to see what data of theirs you have collected, and delete it if they want to.</p> <p>When you've published your privacy policy, you need to make sure that you comply with it — doing what you say you are going to do is very important in building user trust. You should only collect the data you say you'll collect, and only use it for the purpose you say you'll use it for. If someone from your company comes up with a clever new way to use existing data, that still isn't OK under the terms of your policy if it doesn't specify that you'll use it for that purpose. If users consented to the use of their data for a specific purpose and that purpose expands, you may have to consider obtaining new consent.</p></div></section><section aria-labelledby="delete_the_data_once_you_have_finished_with_it"><h3 id="delete_the_data_once_you_have_finished_with_it"><a href="#delete_the_data_once_you_have_finished_with_it">Delete the data once you have finished with it</a></h3><div class="section-content"><p>Earlier on, we mentioned giving users a way to see what data of theirs you have collected, and delete it if they want to. You could possibly do this as part of the same experience they can use to delete their account (their data goes with it), or make them two separate options. Either way, the options should be easy to find.</p> <p>Allowing the user to choose when significant portions of data get deleted is very empowering, and builds trust, but there may be some bits of data that you will want to handle deletion of yourself. For example, some data might only be used for a few hours or minutes and then deleted, like data that is used during the administration of a user's session while they are logged in.</p> <div class="notecard note"> <p><strong>Note:</strong> The <a href="/en-US/docs/Web/HTTP/Headers/Clear-Site-Data"><code>Clear-Site-Data</code></a> HTTP response header is very useful for clearing short-lived user data — it instructs the browser to clear out its cache and/or cookies and/or storage (e.g. <a href="/en-US/docs/Web/API/Web_Storage_API">Web Storage</a> or <a href="/en-US/docs/Web/API/IndexedDB_API">IndexedDB</a> data). For example, you might get your server to send it along with a "logged out confirmation" page so that once the user is logged out, their data is safely removed.</p> </div></div></section><section aria-labelledby="cut_down_on_tracking"><h2 id="cut_down_on_tracking"><a href="#cut_down_on_tracking">Cut down on tracking</a></h2><div class="section-content"><p>Earlier on we discussed tracking, and some of the unethical purposes it is used for. We shouldn't have to spell out how such uses can erode user trust; wherever possible, you should only use potential tracking mechanisms like <a href="/en-US/docs/Web/Privacy/Third-party_cookies">third-party cookies</a> for ethical uses, such as transferring sign-in or other personalization status across sites.</p> <p>Also recall from earlier that browsers are all starting to block third-party cookies by default, while implementing alternative technologies to achieve common use case. It is a good idea to prepare for this, by limiting the amount of tracking activities you rely on, and/or implementing desired information persistence in other ways. See <a href="/en-US/docs/Web/Privacy/Third-party_cookies#transitioning_from_third-party_cookies">Transitioning from third-party cookies</a> for more information.</p></div></section><section aria-labelledby="carefully_manage_third-party_resources"><h2 id="carefully_manage_third-party_resources"><a href="#carefully_manage_third-party_resources">Carefully manage third-party resources</a></h2><div class="section-content"><p>Of course, it would be easy to manage privacy if you were only worried about resources you have created (code, cookies, sites, etc.). The real challenge comes from the fact that your site will likely use third-party resources. This can include third-party content embedded in <code>&lt;iframe&gt;</code>s, libraries, frameworks, APIs, externally-hosted resources such as images and videos, etc.</p> <p>Third-party resources are an essential part of modern web development, they provide a lot of power. However, any third-party resource you allow onto your site potentially has the same permissions as your own resources; it all depends on how it is included on your site:</p> <ul> <li>JavaScript running inside third-party content embedded in your site via an <code>&lt;iframe&gt;</code> is separated by <a href="/en-US/docs/Web/Security/Same-origin_policy">same-origin policy</a>, meaning that it wouldn't have access to other scripts and data included in the top-level browsing context.</li> <li>However, a third-party script included directly in your page via a <a href="/en-US/docs/Web/HTML/Element/script"><code>&lt;script&gt;</code></a> element <em>would</em> have access to your other scripts and data, whether it was hosted on your site or another site. It would effectively be first-party code. A malicious script included in this way could secretly steal your users' data, for example sending it off to a third-party server.</li> </ul> <p>It is important to audit all of the third-party resources you use on your site. Make sure you know what data they collect, what requests they make and to whom, and what their privacy policies are. Your carefully designed privacy policy is useless if you use a third-party script that violates it.</p> <div class="notecard note"> <p><strong>Note:</strong> There are various tools out there that can help you build up a picture of what requests a site is making, for example the <a href="https://requestmap.webperf.tools/" class="external" target="_blank">Request Map Generator</a>.</p> </div> <p>Once you have audited your third-party resources and understand what they are doing, you should then consider their negatives as a trade-off for the value they bring. If a third-party script is free and really useful but collects quite a lot of user data, you could:</p> <ol> <li>Accept that trade-off, update your privacy policy to include details of it, and hope that it doesn't impact your users' trust too much.</li> <li>Look for an alternative, less data-hungry third-party tool.</li> <li>Build your own tool.</li> </ol> <p>The following list provides some tips on how to mitigate privacy risks inherent with using third-party resources:</p> <ul> <li> <p>When embedding third-party resources, consider if there is a way to achieve the same or a similar effect with less privacy impact. For example, it might be fun to have a social media post viewer embedded on your site, but is it really necessary? Wouldn't a link to your social media page be sufficient? Also, some third-party services have privacy-enhancing options. See, for example, YouTube's <a href="https://support.google.com/youtube/answer/171780" class="external" target="_blank">Embed videos &amp; playlists &gt; Turn on privacy-enhanced mode</a>.</p> </li> <li> <p>Where possible, you should block third parties from receiving a <a href="/en-US/docs/Web/HTTP/Headers/Referer"><code>Referer</code></a> header when you make requests to them. This can be done in a pretty granular way, for example by including <a href="/en-US/docs/Web/HTML/Attributes/rel/noreferrer">rel="noreferrer"</a> on external links. Or, you could set this more globally for the page or site, for example by using the <a href="/en-US/docs/Web/HTTP/Headers/Referrer-Policy"><code>Referrer-Policy</code></a> header.</p> <div class="notecard note"> <p><strong>Note:</strong> See also <a href="/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns">Referer header: privacy and security concerns</a>.</p> </div> </li> <li> <p>Use the <a href="/en-US/docs/Web/HTTP/Headers/Permissions-Policy"><code>Permissions-Policy</code></a> HTTP header to control access to API "powerful features" (such as notifications, geolocation data, accessing media streams from webcams, etc.). This can be useful for privacy because it stops third-party sites from doing unexpected things with these features, and users don't want to be unnecessarily bombarded by permission prompts that they may not understand. You can also control usage of "powerful features" inside third-party sites embedded inside <a href="/en-US/docs/Web/HTML/Element/iframe"><code>&lt;iframe&gt;</code></a> elements by specifying permissions policies inside an <code>allow</code> attribute on the <code>&lt;iframe&gt;</code> itself.</p> <div class="notecard note"> <p><strong>Note:</strong> See also our <a href="/en-US/docs/Web/HTTP/Permissions_Policy">Permissions-Policy guide</a> for more information and examples, and <a href="https://www.permissionspolicy.com/" class="external" target="_blank">permissionspolicy.com</a> for useful tools including a policy generator.</p> </div> </li> <li> <p>Use the <a href="/en-US/docs/Web/HTML/Element/iframe"><code>&lt;iframe&gt;</code></a> <code>sandbox</code> attribute to allow or disallow usage of certain features inside the content embedded in the <code>&lt;iframe&gt;</code> — this includes things like downloads, form submissions, modals, and scripting.</p> </li> </ul> <div class="notecard note"> <p><strong>Note:</strong> See <a href="https://web.dev/learn/privacy/third-parties/" class="external" target="_blank">Third parties</a> over on web.dev for additional useful information on auditing and more.</p> </div></div></section><section aria-labelledby="protect_user_data"><h2 id="protect_user_data"><a href="#protect_user_data">Protect user data</a></h2><div class="section-content"><p>You need to make sure that user data is transmitted and stored securely once you've collected it. This is more of a <a href="/en-US/docs/Web/Security">security</a> topic, but it is worth mentioning here — a good privacy policy is useless if your security is lax and attackers can steal the data from you.</p> <p>The below tips offer some guidance on protecting your user's data:</p> <ul> <li>Security is hard to get right. When implementing a secure solution that involves data collection — particularly if it is sensitive data such as sign-in credentials — it makes sense to use a reputable solution from a well-respected provider. For example, any respectable server-side framework will have built-in features to protect against common vulnerabilities. You could also consider using a specialized product for your purpose — for example an identity provider solution, or a secure online survey provider.</li> <li>If you want to roll out your own solution for collecting user data, make sure you understand what you are doing. Hire an experienced server-side developer and/or security engineer to implement the system, and ensure it is tested thoroughly. Use multifactor authentication (MFA) to provide better protection. Consider using a dedicated API such as <a href="/en-US/docs/Web/API/Web_Authentication_API">Web Authentication</a> or <a href="/en-US/docs/Web/API/FedCM_API">Federated Credential Management</a> to streamline the client-side of the app.</li> <li>When collecting user sign-up information, enforce strong passwords so your user's account details cannot be easily guessed. Weak passwords are one of the main causes of security breaches. Encourage your users to use a password manager to generate and store complex passwords; this way they won't worry about remembering them, or create a security risk by writing them down.</li> <li>Don't include sensitive data in URLs — if a third party intercepts the URL (for example via the <a href="/en-US/docs/Web/HTTP/Headers/Referer"><code>Referer</code></a> header), they could steal that information. Use <code>POST</code> requests rather than <code>GET</code> requests to avoid this.</li> <li>Consider using tools like <a href="/en-US/docs/Web/HTTP/CSP">Content Security Policy</a> and <a href="/en-US/docs/Web/HTTP/Permissions_Policy">Permissions Policy</a> to enforce a set of feature usage on your site that makes it harder to introduce vulnerabilities. Be careful when doing this — if you block usage of a feature that a third-party script relies on to work, you may end up breaking your site's functionality. This is something you can look into when auditing your third-party resources (see <a href="#carefully_manage_third-party_resources">Carefully manage third-party resources</a>).</li> </ul></div></section><section aria-labelledby="see_also"><h2 id="see_also"><a href="#see_also">See also</a></h2><div class="section-content"><ul> <li><a href="/en-US/docs/Web/Security">Web security</a></li> <li><a href="https://web.dev/learn/privacy/" class="external" target="_blank">Learn Privacy</a> on web.dev</li> <li><a href="https://developers.google.com/privacy-sandbox" class="external" target="_blank">The Privacy Sandbox</a> on developers.google.com</li> <li><a href="https://www.mozilla.org/en-US/about/policy/lean-data/" class="external" target="_blank">Lean Data Practices</a> on mozilla.org</li> </ul></div></section></article><aside class="article-footer"><div class="article-footer-inner"><div class="svg-container"><svg xmlns="http://www.w3.org/2000/svg" width="162" height="162" viewBox="0 0 162 162" fill="none" role="none"><mask id="b" fill="#fff"><path d="M97.203 47.04c8.113-7.886 18.004-13.871 28.906-17.492a78 78 0 0 1 33.969-3.39c11.443 1.39 22.401 5.295 32.024 11.411s17.656 14.28 23.476 23.86c5.819 9.579 9.269 20.318 10.083 31.385a69.85 69.85 0 0 1-5.387 32.44c-4.358 10.272-11.115 19.443-19.747 26.801-8.632 7.359-18.908 12.709-30.034 15.637l-6.17-21.698c7.666-2.017 14.746-5.703 20.694-10.773 5.948-5.071 10.603-11.389 13.606-18.467a48.14 48.14 0 0 0 3.712-22.352c-.561-7.625-2.938-15.025-6.948-21.625s-9.544-12.226-16.175-16.44-14.181-6.904-22.065-7.863a53.75 53.75 0 0 0-23.405 2.336c-7.513 2.495-14.327 6.62-19.918 12.053z"></path></mask><path stroke="url(#a)" stroke-dasharray="6, 6" stroke-width="2" d="M97.203 47.04c8.113-7.886 18.004-13.871 28.906-17.492a78 78 0 0 1 33.969-3.39c11.443 1.39 22.401 5.295 32.024 11.411s17.656 14.28 23.476 23.86c5.819 9.579 9.269 20.318 10.083 31.385a69.85 69.85 0 0 1-5.387 32.44c-4.358 10.272-11.115 19.443-19.747 26.801-8.632 7.359-18.908 12.709-30.034 15.637l-6.17-21.698c7.666-2.017 14.746-5.703 20.694-10.773 5.948-5.071 10.603-11.389 13.606-18.467a48.14 48.14 0 0 0 3.712-22.352c-.561-7.625-2.938-15.025-6.948-21.625s-9.544-12.226-16.175-16.44-14.181-6.904-22.065-7.863a53.75 53.75 0 0 0-23.405 2.336c-7.513 2.495-14.327 6.62-19.918 12.053z" mask="url(#b)" style="stroke:url(#a)" transform="translate(-63.992 -25.587)"></path><ellipse cx="8.066" cy="111.597" fill="var(--background-tertiary)" rx="53.677" ry="53.699" transform="matrix(.71707 -.697 .7243 .6895 0 0)"></ellipse><g clip-path="url(#c)" transform="translate(-63.992 -25.587)"><path fill="#9abff5" d="m144.256 137.379 32.906 12.434a4.41 4.41 0 0 1 2.559 5.667l-9.326 24.679a4.41 4.41 0 0 1-5.667 2.559l-8.226-3.108-2.332 6.17c-.466 1.233-.375 1.883-1.609 1.417l-2.253-.527c-.411-.155-.95-.594-1.206-1.161l-4.734-10.484-12.545-4.741a4.41 4.41 0 0 1-2.559-5.667l9.325-24.679a4.41 4.41 0 0 1 5.667-2.559m9.961 29.617 8.227 3.108 3.264-8.638-.498-6.768-4.113-1.555.548 7.258-4.319-1.632zm-12.339-4.663 8.226 3.108 3.264-8.637-.498-6.769-4.113-1.554.548 7.257-4.319-1.632z"></path></g><g clip-path="url(#d)" transform="translate(-63.992 -25.587)"><path fill="#81b0f3" d="M135.35 60.136 86.67 41.654c-3.346-1.27-7.124.428-8.394 3.775L64.414 81.938c-1.27 3.347.428 7.125 3.774 8.395l12.17 4.62-3.465 9.128c-.693 1.826-1.432 2.457.394 3.15l3.014 1.625c.609.231 1.637.274 2.477-.104l15.53-6.983 18.56 7.047c3.346 1.27 7.124-.428 8.395-3.775l13.862-36.51c1.27-3.346-.428-7.124-3.775-8.395M95.261 83.207l-12.17-4.62 4.852-12.779 7.19-7.017 6.085 2.31-7.725 7.51 6.389 2.426zm18.255 6.93-12.17-4.62 4.852-12.778 7.189-7.017 6.085 2.31-7.725 7.51 6.39 2.426z"></path></g><defs><clipPath id="c"><path fill="#fff" d="m198.638 146.586-65.056-24.583-24.583 65.057 65.056 24.582z"></path></clipPath><clipPath id="d"><path fill="#fff" d="m66.438 14.055 96.242 36.54-36.54 96.243-96.243-36.54z"></path></clipPath><linearGradient id="a" x1="97.203" x2="199.995" y1="47.04" y2="152.793" gradientUnits="userSpaceOnUse"><stop stop-color="#086DFC"></stop><stop offset="0.246" stop-color="#2C81FA"></stop><stop offset="0.516" stop-color="#5497F8"></stop><stop offset="0.821" stop-color="#80B0F6"></stop><stop offset="1" stop-color="#9ABFF5"></stop></linearGradient></defs></svg></div><h2>Help improve MDN</h2><fieldset class="feedback"><label>Was this page helpful to you?</label><div class="button-container"><button type="button" class="button primary has-icon yes"><span class="button-wrap"><span class="icon icon-thumbs-up "></span>Yes</span></button><button type="button" class="button primary has-icon no"><span class="button-wrap"><span class="icon icon-thumbs-down "></span>No</span></button></div></fieldset><a class="contribute" href="https://github.com/mdn/content/blob/main/CONTRIBUTING.md" title="This will take you to our contribution guidelines on GitHub." target="_blank" rel="noopener noreferrer">Learn how to contribute</a>.<p class="last-modified-date">This page was last modified on<!-- --> <time dateTime="2024-09-23T13:29:08.000Z">Sep 23, 2024</time> by<!-- --> <a href="/en-US/docs/Web/Privacy/contributors.txt" rel="nofollow">MDN contributors</a>.</p><div id="on-github" class="on-github"><a href="https://github.com/mdn/content/blob/main/files/en-us/web/privacy/index.md?plain=1" title="Folder: en-us/web/privacy (Opens in a new tab)" target="_blank" rel="noopener noreferrer">View this page on GitHub</a> <!-- -->•<!-- --> <a href="https://github.com/mdn/content/issues/new?template=page-report.yml&amp;mdn-url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FPrivacy&amp;metadata=%3C%21--+Do+not+make+changes+below+this+line+--%3E%0A%3Cdetails%3E%0A%3Csummary%3EPage+report+details%3C%2Fsummary%3E%0A%0A*+Folder%3A+%60en-us%2Fweb%2Fprivacy%60%0A*+MDN+URL%3A+https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FPrivacy%0A*+GitHub+URL%3A+https%3A%2F%2Fgithub.com%2Fmdn%2Fcontent%2Fblob%2Fmain%2Ffiles%2Fen-us%2Fweb%2Fprivacy%2Findex.md%0A*+Last+commit%3A+https%3A%2F%2Fgithub.com%2Fmdn%2Fcontent%2Fcommit%2F392ce991114e55e2187510b640ab545d09258a16%0A*+Document+last+modified%3A+2024-09-23T13%3A29%3A08.000Z%0A%0A%3C%2Fdetails%3E" title="This will take you to GitHub to file a new issue." target="_blank" rel="noopener noreferrer">Report a problem with this content</a></div></div></aside></main></div></div><footer id="nav-footer" class="page-footer"><div class="page-footer-grid"><div class="page-footer-logo-col"><a href="/" class="mdn-footer-logo" aria-label="MDN homepage"><svg width="48" height="17" viewBox="0 0 48 17" fill="none" xmlns="http://www.w3.org/2000/svg"><title id="mdn-footer-logo-svg">MDN logo</title><path d="M20.04 16.512H15.504V10.416C15.504 9.488 15.344 8.824 15.024 8.424C14.72 8.024 14.264 7.824 13.656 7.824C12.92 7.824 12.384 8.064 12.048 8.544C11.728 9.024 11.568 9.64 11.568 10.392V14.184H13.008V16.512H8.472V10.416C8.472 9.488 8.312 8.824 7.992 8.424C7.688 8.024 7.232 7.824 6.624 7.824C5.872 7.824 5.336 8.064 5.016 8.544C4.696 9.024 4.536 9.64 4.536 10.392V14.184H6.6V16.512H0V14.184H1.44V8.04H0.024V5.688H4.536V7.32C5.224 6.088 6.32 5.472 7.824 5.472C8.608 5.472 9.328 5.664 9.984 6.048C10.64 6.432 11.096 7.016 11.352 7.8C11.992 6.248 13.168 5.472 14.88 5.472C15.856 5.472 16.72 5.776 17.472 6.384C18.224 6.992 18.6 7.936 18.6 9.216V14.184H20.04V16.512Z" fill="currentColor"></path><path d="M33.6714 16.512H29.1354V14.496C28.8314 15.12 28.3834 15.656 27.7914 16.104C27.1994 16.536 26.4154 16.752 25.4394 16.752C24.0154 16.752 22.8954 16.264 22.0794 15.288C21.2634 14.312 20.8554 12.984 20.8554 11.304C20.8554 9.688 21.2554 8.312 22.0554 7.176C22.8554 6.04 24.0634 5.472 25.6794 5.472C26.5594 5.472 27.2794 5.648 27.8394 6C28.3994 6.352 28.8314 6.8 29.1354 7.344V2.352H26.9754V0H32.2314V14.184H33.6714V16.512ZM29.1354 11.04V10.776C29.1354 9.88 28.8954 9.184 28.4154 8.688C27.9514 8.176 27.3674 7.92 26.6634 7.92C25.9754 7.92 25.3674 8.176 24.8394 8.688C24.3274 9.2 24.0714 10.008 24.0714 11.112C24.0714 12.152 24.3114 12.944 24.7914 13.488C25.2714 14.032 25.8394 14.304 26.4954 14.304C27.3114 14.304 27.9514 13.96 28.4154 13.272C28.8954 12.584 29.1354 11.84 29.1354 11.04Z" fill="currentColor"></path><path d="M47.9589 16.512H41.9829V14.184H43.4229V10.416C43.4229 9.488 43.2629 8.824 42.9429 8.424C42.6389 8.024 42.1829 7.824 41.5749 7.824C40.8389 7.824 40.2709 8.056 39.8709 8.52C39.4709 8.968 39.2629 9.56 39.2469 10.296V14.184H40.6869V16.512H34.7109V14.184H36.1509V8.04H34.5909V5.688H39.2469V7.344C39.9669 6.096 41.1269 5.472 42.7269 5.472C43.7509 5.472 44.6389 5.776 45.3909 6.384C46.1429 6.992 46.5189 7.936 46.5189 9.216V14.184H47.9589V16.512Z" fill="currentColor"></path></svg></a><p>Your blueprint for a better internet.</p><ul class="social-icons"><li><a href="https://mozilla.social/@mdn" target="_blank" rel="me noopener noreferrer"><span class="icon icon-mastodon"></span><span class="visually-hidden">MDN on Mastodon</span></a></li><li><a href="https://twitter.com/mozdevnet" target="_blank" rel="noopener noreferrer"><span class="icon icon-twitter-x"></span><span class="visually-hidden">MDN on X (formerly Twitter)</span></a></li><li><a href="https://github.com/mdn/" target="_blank" rel="noopener noreferrer"><span class="icon icon-github-mark-small"></span><span class="visually-hidden">MDN on GitHub</span></a></li><li><a href="/en-US/blog/rss.xml" target="_blank"><span class="icon icon-feed"></span><span class="visually-hidden">MDN Blog RSS Feed</span></a></li></ul></div><div class="page-footer-nav-col-1"><h2 class="footer-nav-heading">MDN</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a href="/en-US/about">About</a></li><li class="footer-nav-item"><a href="/en-US/blog/">Blog</a></li><li class="footer-nav-item"><a href="https://www.mozilla.org/en-US/careers/listings/?team=ProdOps" target="_blank" rel="noopener noreferrer">Careers</a></li><li class="footer-nav-item"><a href="/en-US/advertising">Advertise with us</a></li></ul></div><div class="page-footer-nav-col-2"><h2 class="footer-nav-heading">Support</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="https://support.mozilla.org/products/mdn-plus">Product help</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/docs/MDN/Community/Issues">Report an issue</a></li></ul></div><div class="page-footer-nav-col-3"><h2 class="footer-nav-heading">Our communities</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/community">MDN Community</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="https://discourse.mozilla.org/c/mdn/236" target="_blank" rel="noopener noreferrer">MDN Forum</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/discord" target="_blank" rel="noopener noreferrer">MDN Chat</a></li></ul></div><div class="page-footer-nav-col-4"><h2 class="footer-nav-heading">Developers</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/docs/Web">Web Technologies</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/docs/Learn">Learn Web Development</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/plus">MDN Plus</a></li><li class="footer-nav-item"><a href="https://hacks.mozilla.org/" target="_blank" rel="noopener noreferrer">Hacks Blog</a></li></ul></div><div class="page-footer-moz"><a href="https://www.mozilla.org/" class="footer-moz-logo-link" target="_blank" rel="noopener noreferrer"><svg width="112" height="32" fill="none" xmlns="http://www.w3.org/2000/svg"><title id="mozilla-footer-logo-svg">Mozilla logo</title><path d="M41.753 14.218c-2.048 0-3.324 1.522-3.324 4.157 0 2.423 1.119 4.286 3.29 4.286 2.082 0 3.447-1.678 3.447-4.347 0-2.826-1.522-4.096-3.413-4.096Zm54.89 7.044c0 .901.437 1.618 1.645 1.618 1.427 0 2.949-1.024 3.044-3.352-.649-.095-1.365-.185-2.02-.185-1.426-.005-2.668.397-2.668 1.92Z" fill="currentColor"></path><path d="M0 0v32h111.908V0H0Zm32.56 25.426h-5.87v-7.884c0-2.423-.806-3.352-2.39-3.352-1.924 0-2.702 1.365-2.702 3.324v4.868h1.864v3.044h-5.864v-7.884c0-2.423-.806-3.352-2.39-3.352-1.924 0-2.702 1.365-2.702 3.324v4.868h2.669v3.044H6.642v-3.044h1.863v-7.918H6.642V11.42h5.864v2.11c.839-1.489 2.3-2.39 4.252-2.39 2.02 0 3.878.963 4.566 3.01.778-1.862 2.361-3.01 4.566-3.01 2.512 0 4.812 1.522 4.812 4.84v6.402h1.863v3.044h-.005Zm9.036.307c-4.314 0-7.296-2.635-7.296-7.106 0-4.096 2.484-7.481 7.514-7.481s7.481 3.38 7.481 7.29c0 4.472-3.228 7.297-7.699 7.297Zm22.578-.307H51.942l-.403-2.11 7.7-8.846h-4.376l-.621 2.17-2.888-.313.498-4.907h12.294l.313 2.11-7.767 8.852h4.533l.654-2.172 3.167.308-.872 4.908Zm7.99 0h-4.191v-5.03h4.19v5.03Zm0-8.976h-4.191v-5.03h4.19v5.03Zm2.618 8.976 6.054-21.358h3.945l-6.054 21.358h-3.945Zm8.136 0 6.048-21.358h3.945l-6.054 21.358h-3.939Zm21.486.307c-1.863 0-2.887-1.085-3.072-2.792-.805 1.427-2.232 2.792-4.498 2.792-2.02 0-4.314-1.085-4.314-4.006 0-3.447 3.323-4.253 6.518-4.253.778 0 1.584.034 2.3.124v-.465c0-1.427-.034-3.133-2.3-3.133-.84 0-1.488.061-2.143.402l-.453 1.578-3.195-.34.549-3.224c2.45-.996 3.692-1.27 5.992-1.27 3.01 0 5.556 1.55 5.556 4.75v6.083c0 .805.314 1.085.963 1.085.184 0 .375-.034.587-.095l.034 2.11a5.432 5.432 0 0 1-2.524.654Z" fill="currentColor"></path></svg></a><ul class="footer-moz-list"><li class="footer-moz-item"><a href="https://www.mozilla.org/privacy/websites/" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Website Privacy Notice</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/privacy/websites/#cookies" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Cookies</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/about/legal/terms/mozilla" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Legal</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/about/governance/policies/participation/" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Community Participation Guidelines</a></li></ul></div><div class="page-footer-legal"><p id="license" class="page-footer-legal-text">Visit<!-- --> <a href="https://www.mozilla.org" target="_blank" rel="noopener noreferrer">Mozilla Corporation’s</a> <!-- -->not-for-profit parent, the<!-- --> <a target="_blank" rel="noopener noreferrer" href="https://foundation.mozilla.org/">Mozilla Foundation</a>.<br/>Portions of this content are ©1998–<!-- -->2024<!-- --> by individual mozilla.org contributors. Content available under<!-- --> <a href="/en-US/docs/MDN/Writing_guidelines/Attrib_copyright_license">a Creative Commons license</a>.</p></div></div></footer></div><script type="application/json" id="hydration">{"url":"/en-US/docs/Web/Privacy","doc":{"isMarkdown":true,"isTranslated":false,"isActive":true,"flaws":{},"title":"Privacy on the web","mdn_url":"/en-US/docs/Web/Privacy","locale":"en-US","native":"English (US)","sidebarHTML":"<ul><li><a href=\"/en-US/docs/Web/Privacy/Firefox_tracking_protection\">Firefox tracking protection</a></li><li><a href=\"/en-US/docs/Web/Privacy/Privacy_sandbox\">Privacy sandbox</a><ul><li><a href=\"/en-US/docs/Web/Privacy/Privacy_sandbox/Enrollment\">Privacy sandbox enrollment</a></li><li><a href=\"/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies\">Cookies Having Independent Partitioned State (CHIPS)</a></li></ul></li><li><a href=\"/en-US/docs/Web/Privacy/Redirect_tracking_protection\">Redirect tracking protection</a></li><li><a href=\"/en-US/docs/Web/Privacy/State_Partitioning\">State Partitioning</a></li><li><a href=\"/en-US/docs/Web/Privacy/Storage_Access_Policy\">Storage access policy: Block cookies from trackers</a><ul><li><a href=\"/en-US/docs/Web/Privacy/Storage_Access_Policy/Errors\">Errors</a></li></ul></li><li><a href=\"/en-US/docs/Web/Privacy/Third-party_cookies\">Third-party cookies</a></li></ul>","body":[{"type":"prose","value":{"id":null,"title":null,"isH3":false,"content":"<p>People use websites for several important tasks such as banking, shopping, entertainment, and paying their taxes. In doing so, they are required to share personal information with those sites. Users place a certain level of trust in the sites they share their data with. If that information fell into the wrong hands, it could be used to exploit users, for example by profiling them, targeting them with unwanted ads, or even stealing their identity or money.</p>\n<p>Modern browsers already have a wealth of features to protect users' privacy on the web, but that's not enough. To create a trustworthy and privacy-respecting experience, developers need to educate their site users in good practices (and enforce them). Developers should also create sites that collect as little data from users as possible, use the data responsibly, and transport and store it securely.</p>\n<p>In this article, we:</p>\n<ul>\n <li>Define privacy and important related terms.</li>\n <li>Examine browser features that automatically protect user privacy.</li>\n <li>Look at what developers can do to create privacy-respecting web content that minimizes the risk of users' personal information/data being obtained unexpectedly by third parties.</li>\n</ul>"}},{"type":"prose","value":{"id":"defining_privacy_terms_and_concepts","title":"Defining privacy terms and concepts","isH3":false,"content":"<p>Before we look at the various privacy and security features available to use on the web, let's define some important terms.</p>"}},{"type":"prose","value":{"id":"privacy_and_its_relationship_with_security","title":"Privacy and its relationship with security","isH3":true,"content":"<p>It is hard to talk about privacy without also talking about security — they are closely related, and you can't really create privacy-respecting websites without good security. Therefore, we shall define both.</p>\n<ul>\n <li>\n <p><strong>Privacy</strong> refers to the act of giving users the right to control how their data is collected, stored, and used, and not using it irresponsibly. For example, you should clearly communicate to your users what data you are collecting, who it will be shared with, and how it will be used. Users must be given a chance to consent to your terms of data usage, have access to all of their data that you are storing, and delete it if they no longer wish you to have it. You must also comply with your own terms: nothing erodes user trust like having their data used and shared in ways they never consented to. And this isn't just ethically wrong; it could be against the law. Many parts of the world now have legislation that protects consumer privacy rights (for example the EU's <a href=\"https://gdpr.eu/\" class=\"external\" target=\"_blank\">GDPR</a>).</p>\n </li>\n <li>\n <p><strong>Security</strong> is the act of keeping private data and systems protected against unauthorized access. This includes both company (internal) data, and user and partner (external) data. It is no use having a robust privacy policy that makes your users trust you if your security is weak and malicious parties can steal their data anyway.</p>\n </li>\n</ul>"}},{"type":"prose","value":{"id":"personal_and_private_information","title":"Personal and private information","isH3":true,"content":"<p><strong>Personal information</strong> is any information that describes a user. Examples include:</p>\n<ul>\n <li>Physical attributes such as height, gender expression, weight, hair color, or age</li>\n <li>Postal address, email address, phone number, or other contact information</li>\n <li>Passport number, bank account, credit card, social security number, or other official identifiers</li>\n <li>Health information such as medical history, allergies, or ongoing conditions</li>\n <li>Usernames and passwords</li>\n <li>Hobbies, interests, or other personal preferences</li>\n <li>Biometric data such as fingerprints or facial recognition data</li>\n</ul>\n<p><strong>Private information</strong> is any information that users do not want shared publicly and must be kept private (i.e., information that is accessible only by a certain group of authorized users). Some private data is private by law (for example medical data), and some is private more by personal preference.</p>"}},{"type":"prose","value":{"id":"personally_identifiable_information","title":"Personally identifiable information","isH3":true,"content":"<p>Following on from the above section, <strong>personally identifiable information</strong> (PII) is information that can be used, in whole or in part, to track down and/or identify a specific person. For example, if a site leaks a list of users' names and zip codes online, a bad actor could almost certainly use this information to find their full addresses. Even if a full-scale leak does not happen, it is still possible to identify users through less obvious means, such as the browsers they are using, the devices they are using, specific fonts they have installed, and so on.</p>"}},{"type":"prose","value":{"id":"tracking","title":"Tracking","isH3":true,"content":"<p><strong>Tracking</strong> refers to the process of recording a user's activity across many different websites. This can be done in various ways, for example:</p>\n<ul>\n <li>Looking at multiple <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies\">third-party cookies</a> set across different sites where third-party content is embedded to find out various information points about the user.</li>\n <li>Looking at the <a href=\"/en-US/docs/Web/HTTP/Headers/Referer\"><code>Referer</code></a> header to see where a user has navigated from.</li>\n <li>Including parameters on the URLs of inbound links (for example in embedded ads linking to product pages, or marketing emails) that can reveal to the linked site where the link originated from, what marketing campaign it is part of, the email address or other identifier of the user that clicked on it, etc. This process is referred to as <strong>link decorating</strong>, and results in link URLs that look like this: <code>https://example.com/article/?id=62yhgt1a&amp;campaign=902</code>.</li>\n <li>Redirect tracking, which involves trackers momentarily (and imperceptibly) redirecting a user to their website to use first-party storage to track that user across websites. This allows trackers to get around third-party cookies being blocked. For example, if you have read a product review and want to click through to buy it, you might unwittingly navigate to the redirect tracker first, <em>then</em> to the retailer. This means the tracker is loaded as a first party, and can associate tracking data with the identifiers they have stored in their first-party cookies before forwarding you to the retailer.</li>\n</ul>\n<p>Tracking data can be used to build a profile of a user and their interests and preferences, which is usually bad and can be annoying to various degrees. For example:</p>\n<ul>\n <li><strong>Targeted ads</strong>: Everyone has had the unnerving experience of researching some items to buy on one device and then suddenly being bombarded by adverts for the same products on all their other devices.</li>\n <li><strong>Selling or sharing data</strong>: Some third parties have been known to compile tracking data and then sell it to/share it with others to use for various purposes, like targeted ads. This is obviously highly unethical and may also be illegal, depending on where in the world it happens.</li>\n <li><strong>Prejudice via data</strong>: In the worst cases, sharing data could result in the user being unfairly disadvantaged. For example, imagine an insurance company finding out data points about a potential customer that they didn't consent to share, and using them as a justification for increasing insurance premiums.</li>\n</ul>"}},{"type":"prose","value":{"id":"fingerprinting","title":"Fingerprinting","isH3":true,"content":"<p>A process very closely related to tracking is <strong>fingerprinting</strong>: this specifically refers to <em>identifying</em> users by building up a store of data points about them that differentiate them from other users. This could be anything from cookie contents to what browser they are using and what fonts they have installed locally.</p>\n<p>Modern browsers take steps to help prevent fingerprinting-based attacks by either not allowing information to be accessed or, where the information must be made available, by introducing variations or \"noise\" that prevent it from being used for identification purposes.</p>\n<p>For example, if a website queries a user's browser for the elapsed time, a comparison of that time to the time reported by the server might be useful as a factor in fingerprinting. Because of this, browsers typically introduce a small amount of variability to timers to make them less useful for identifying the user's system.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> See <a href=\"https://web.dev/learn/privacy/fingerprinting/\" class=\"external\" target=\"_blank\">Fingerprinting</a> on web.dev for additional useful information.</p>\n</div>"}},{"type":"prose","value":{"id":"privacy_features_provided_by_browsers","title":"Privacy features provided by browsers","isH3":false,"content":"<p>Browser vendors are aware of the need to protect user privacy and the negative effects of tracking, fingerprinting, etc., on user experience. To this end, they have implemented various features that enhance privacy protection and/or mitigate threats. In this section, we look at different categories of privacy protection that browsers apply automatically.</p>"}},{"type":"prose","value":{"id":"https_by_default","title":"HTTPS by default","isH3":true,"content":"<p><a href=\"/en-US/docs/Web/Security/Transport_Layer_Security\">Transport Layer Security (TLS)</a> provides security and privacy by encrypting data during transport over the network and is the technology behind the <a href=\"/en-US/docs/Glossary/HTTPS\">HTTPS</a> protocol. TLS is good for privacy because it stops third parties from being able to intercept transmitted data and use it maliciously, for example for tracking.</p>\n<p>All browsers are moving towards requiring HTTPS by default; this is practically the case already because you can't do much on the web without this protocol.</p>\n<p>Related topics are as follows:</p>\n<dl>\n <dt id=\"certificate_transparency\"><a href=\"/en-US/docs/Web/Security/Certificate_Transparency\">Certificate Transparency</a></dt>\n <dd>\n <p>An open standard for monitoring and auditing certificates, creating a database of public logs that can be used to help identify incorrect or malicious certificates.</p>\n </dd>\n <dt id=\"http_strict_transport_security_hsts\"><a href=\"/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security\">HTTP Strict Transport Security (HSTS)</a></dt>\n <dd>\n <p>HSTS is used by servers to let them protect themselves from protocol downgrade and cookie hijack attacks by letting sites tell clients that they can only use HTTPS to communicate with the server.</p>\n </dd>\n <dt id=\"http2\"><a href=\"/en-US/docs/Glossary/HTTP_2\">HTTP/2</a></dt>\n <dd>\n <p>While HTTP/2 technically does not <em>have</em> to use encryption, most browser developers support it only when used with HTTPS; so in that regard, it can be thought of as a feature to enhance security/privacy.</p>\n </dd>\n</dl>"}},{"type":"prose","value":{"id":"opt-in_for_powerful_features","title":"Opt-in for \"powerful features\"","isH3":true,"content":"<p>So-called \"powerful\" web API features that provide access to potentially sensitive data and operations are available only in <a href=\"/en-US/docs/Web/Security/Secure_Contexts\">secure contexts</a>, which basically means HTTPS-only. Not only that, but these web features are gated behind a system of user permissions. Users have to explicitly opt in to features like allowing notifications, accessing geolocation data, making the browser go into fullscreen mode, accessing media streams from webcams, using web payments, etc.</p>"}},{"type":"prose","value":{"id":"anti-tracking_technology","title":"Anti-tracking technology","isH3":true,"content":"<p>Browsers have implemented several anti-tracking features that automatically enhance their users' privacy protection. Many of these block or limit the ability of third-party sites embedded in <a href=\"/en-US/docs/Web/HTML/Element/iframe\"><code>&lt;iframe&gt;</code></a>s to access cookies set on the top-level domain, run tracking scripts, etc.</p>\n<ul>\n <li>The <a href=\"/en-US/docs/Web/HTTP/Headers/Set-Cookie\"><code>Set-Cookie</code></a> header <a href=\"/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value\"><code>SameSite</code></a> attribute's default value has been updated to <code>Lax</code>, to provide better protection against tracking and <a href=\"/en-US/docs/Glossary/CSRF\">CSRF</a> attacks. See <a href=\"/en-US/docs/Web/HTTP/Cookies#controlling_third-party_cookies_with_samesite\">Controlling third-party cookies with <code>SameSite</code></a> for more information.</li>\n <li>Browsers have all started to block third-party cookies by default. See <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies#how_do_browsers_handle_third-party_cookies\">How do browsers handle third-party cookies?</a> for more details.</li>\n <li>Browsers are implementing technologies to allow third-party cookies only in certain circumstances that do not damage privacy, or to implement common use cases that currently require third-party cookies in alternative ways. See <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies#transitioning_from_third-party_cookies\">Transitioning from third-party cookies</a> and <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies#replacing_third-party_cookies\">Replacing third-party cookies</a>.</li>\n <li>Several browsers strip out known tracking parameters from URLs — this includes Firefox, Safari, and Brave. Browser extensions also help to do this, for example <a href=\"https://addons.mozilla.org/en-GB/firefox/addon/clearurls/\" class=\"external\" target=\"_blank\">ClearURLs</a>.</li>\n <li>Browsers have implemented <a href=\"/en-US/docs/Web/Privacy/Redirect_tracking_protection\">redirect tracking protection</a>.</li>\n</ul>"}},{"type":"prose","value":{"id":"privacy_considerations_for_client-side_developers","title":"Privacy considerations for client-side developers","isH3":false,"content":"<p>There are several actions web developers can and should take to improve privacy for their users. The below sections discuss the most important ones. Some of the categories are not purely technical tasks as such and will involve collaboration with other team members.</p>"}},{"type":"prose","value":{"id":"collect_data_ethically","title":"Collect data ethically","isH3":false,"content":"<p>Companies collect lots of different data from their users for a variety of different reasons:</p>\n<ul>\n <li>Usernames, passwords, emails, etc. for authentication purposes.</li>\n <li>Emails, postal addresses, and phone numbers for communication.</li>\n <li>Age, gender, geographical location, favorite pastimes, and a host of other PII for anything from site personalization to customer satisfaction surveys.</li>\n <li>Browsing habits on their sites and other sites, to measure page and feature success metrics.</li>\n <li>And so much more.</li>\n</ul>\n<p>When collecting data from your customers, you have an opportunity to behave with integrity, show them that you are trustworthy, and build a great relationship with them, in turn, improving your brand and your chance of success.</p>\n<p>The ethics of data collection can be broken down into three simple principles:</p>\n<ul>\n <li>Don't collect more data than you need</li>\n <li>Communicate clearly how you are going to use the data you collect</li>\n <li>Delete the data once you have finished with it</li>\n</ul>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> The tips provided below make for a better, more privacy-aware user experience, but many of them are required by law to comply with regulations, for example the <a href=\"https://gdpr.eu/\" class=\"external\" target=\"_blank\">GDPR</a> in the EU. You should make sure to find out what regulations apply to you in your locale, and what you need to do to comply with them.</p>\n</div>"}},{"type":"prose","value":{"id":"dont_collect_more_data_than_you_need","title":"Don't collect more data than you need","isH3":true,"content":"<p>It is tempting to ask for a lot of data from your users because you think it might be useful in the future. However, every bit of extra data you collect adds risk to your users' privacy and increases the chance that they will abandon the step they are performing (whether it is filling out a survey or signing up for a service).</p>\n<p>It is good to anonymize data. You should also consider whether you can get what you need by making your data request less granular. As an example, instead of asking a user their favorite products, you could ask them to select between more general categories.</p>\n<p>The best way to protect user privacy though, is to minimize the data you collect. Referring to the previous example, you could infer the same data by looking at user purchase history. As another example, users appreciate being able to buy products anonymously. You shouldn't force them to sign up for an account; if it's not necessary for the service to operate, it should be their choice.</p>"}},{"type":"prose","value":{"id":"communicate_clearly_how_you_are_going_to_use_the_data_you_collect","title":"Communicate clearly how you are going to use the data you collect","isH3":true,"content":"<p>Once you have decided what data you are going to collect, you should publish a privacy policy on your site that clearly states:</p>\n<ul>\n <li>Data that you collect</li>\n <li>Ways in which you use the data</li>\n <li>Parties with whom you tend to share the data, if at all, and a declaration that you will ask for user consent before sharing</li>\n <li>The duration for which you keep the data before it is deleted</li>\n <li>Ways in which users can view the data you have collected from them and delete it if they want to</li>\n</ul>\n<p>When providing you with data, your users should be given an opportunity to read your privacy policy, and consent to it. They should be able to control if they are happy with this and agree to your terms. And as indicated above, they should also get to see what data of theirs you have collected, and delete it if they want to.</p>\n<p>When you've published your privacy policy, you need to make sure that you comply with it — doing what you say you are going to do is very important in building user trust. You should only collect the data you say you'll collect, and only use it for the purpose you say you'll use it for. If someone from your company comes up with a clever new way to use existing data, that still isn't OK under the terms of your policy if it doesn't specify that you'll use it for that purpose. If users consented to the use of their data for a specific purpose and that purpose expands, you may have to consider obtaining new consent.</p>"}},{"type":"prose","value":{"id":"delete_the_data_once_you_have_finished_with_it","title":"Delete the data once you have finished with it","isH3":true,"content":"<p>Earlier on, we mentioned giving users a way to see what data of theirs you have collected, and delete it if they want to. You could possibly do this as part of the same experience they can use to delete their account (their data goes with it), or make them two separate options. Either way, the options should be easy to find.</p>\n<p>Allowing the user to choose when significant portions of data get deleted is very empowering, and builds trust, but there may be some bits of data that you will want to handle deletion of yourself. For example, some data might only be used for a few hours or minutes and then deleted, like data that is used during the administration of a user's session while they are logged in.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> The <a href=\"/en-US/docs/Web/HTTP/Headers/Clear-Site-Data\"><code>Clear-Site-Data</code></a> HTTP response header is very useful for clearing short-lived user data — it instructs the browser to clear out its cache and/or cookies and/or storage (e.g. <a href=\"/en-US/docs/Web/API/Web_Storage_API\">Web Storage</a> or <a href=\"/en-US/docs/Web/API/IndexedDB_API\">IndexedDB</a> data). For example, you might get your server to send it along with a \"logged out confirmation\" page so that once the user is logged out, their data is safely removed.</p>\n</div>"}},{"type":"prose","value":{"id":"cut_down_on_tracking","title":"Cut down on tracking","isH3":false,"content":"<p>Earlier on we discussed tracking, and some of the unethical purposes it is used for. We shouldn't have to spell out how such uses can erode user trust; wherever possible, you should only use potential tracking mechanisms like <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies\">third-party cookies</a> for ethical uses, such as transferring sign-in or other personalization status across sites.</p>\n<p>Also recall from earlier that browsers are all starting to block third-party cookies by default, while implementing alternative technologies to achieve common use case. It is a good idea to prepare for this, by limiting the amount of tracking activities you rely on, and/or implementing desired information persistence in other ways. See <a href=\"/en-US/docs/Web/Privacy/Third-party_cookies#transitioning_from_third-party_cookies\">Transitioning from third-party cookies</a> for more information.</p>"}},{"type":"prose","value":{"id":"carefully_manage_third-party_resources","title":"Carefully manage third-party resources","isH3":false,"content":"<p>Of course, it would be easy to manage privacy if you were only worried about resources you have created (code, cookies, sites, etc.). The real challenge comes from the fact that your site will likely use third-party resources. This can include third-party content embedded in <code>&lt;iframe&gt;</code>s, libraries, frameworks, APIs, externally-hosted resources such as images and videos, etc.</p>\n<p>Third-party resources are an essential part of modern web development, they provide a lot of power. However, any third-party resource you allow onto your site potentially has the same permissions as your own resources; it all depends on how it is included on your site:</p>\n<ul>\n <li>JavaScript running inside third-party content embedded in your site via an <code>&lt;iframe&gt;</code> is separated by <a href=\"/en-US/docs/Web/Security/Same-origin_policy\">same-origin policy</a>, meaning that it wouldn't have access to other scripts and data included in the top-level browsing context.</li>\n <li>However, a third-party script included directly in your page via a <a href=\"/en-US/docs/Web/HTML/Element/script\"><code>&lt;script&gt;</code></a> element <em>would</em> have access to your other scripts and data, whether it was hosted on your site or another site. It would effectively be first-party code. A malicious script included in this way could secretly steal your users' data, for example sending it off to a third-party server.</li>\n</ul>\n<p>It is important to audit all of the third-party resources you use on your site. Make sure you know what data they collect, what requests they make and to whom, and what their privacy policies are. Your carefully designed privacy policy is useless if you use a third-party script that violates it.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> There are various tools out there that can help you build up a picture of what requests a site is making, for example the <a href=\"https://requestmap.webperf.tools/\" class=\"external\" target=\"_blank\">Request Map Generator</a>.</p>\n</div>\n<p>Once you have audited your third-party resources and understand what they are doing, you should then consider their negatives as a trade-off for the value they bring. If a third-party script is free and really useful but collects quite a lot of user data, you could:</p>\n<ol>\n <li>Accept that trade-off, update your privacy policy to include details of it, and hope that it doesn't impact your users' trust too much.</li>\n <li>Look for an alternative, less data-hungry third-party tool.</li>\n <li>Build your own tool.</li>\n</ol>\n<p>The following list provides some tips on how to mitigate privacy risks inherent with using third-party resources:</p>\n<ul>\n <li>\n <p>When embedding third-party resources, consider if there is a way to achieve the same or a similar effect with less privacy impact. For example, it might be fun to have a social media post viewer embedded on your site, but is it really necessary? Wouldn't a link to your social media page be sufficient? Also, some third-party services have privacy-enhancing options. See, for example, YouTube's <a href=\"https://support.google.com/youtube/answer/171780\" class=\"external\" target=\"_blank\">Embed videos &amp; playlists &gt; Turn on privacy-enhanced mode</a>.</p>\n </li>\n <li>\n <p>Where possible, you should block third parties from receiving a <a href=\"/en-US/docs/Web/HTTP/Headers/Referer\"><code>Referer</code></a> header when you make requests to them. This can be done in a pretty granular way, for example by including <a href=\"/en-US/docs/Web/HTML/Attributes/rel/noreferrer\">rel=\"noreferrer\"</a> on external links. Or, you could set this more globally for the page or site, for example by using the <a href=\"/en-US/docs/Web/HTTP/Headers/Referrer-Policy\"><code>Referrer-Policy</code></a> header.</p>\n <div class=\"notecard note\">\n <p><strong>Note:</strong> See also <a href=\"/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns\">Referer header: privacy and security concerns</a>.</p>\n </div>\n </li>\n <li>\n <p>Use the <a href=\"/en-US/docs/Web/HTTP/Headers/Permissions-Policy\"><code>Permissions-Policy</code></a> HTTP header to control access to API \"powerful features\" (such as notifications, geolocation data, accessing media streams from webcams, etc.). This can be useful for privacy because it stops third-party sites from doing unexpected things with these features, and users don't want to be unnecessarily bombarded by permission prompts that they may not understand. You can also control usage of \"powerful features\" inside third-party sites embedded inside <a href=\"/en-US/docs/Web/HTML/Element/iframe\"><code>&lt;iframe&gt;</code></a> elements by specifying permissions policies inside an <code>allow</code> attribute on the <code>&lt;iframe&gt;</code> itself.</p>\n <div class=\"notecard note\">\n <p><strong>Note:</strong> See also our <a href=\"/en-US/docs/Web/HTTP/Permissions_Policy\">Permissions-Policy guide</a> for more information and examples, and <a href=\"https://www.permissionspolicy.com/\" class=\"external\" target=\"_blank\">permissionspolicy.com</a> for useful tools including a policy generator.</p>\n </div>\n </li>\n <li>\n <p>Use the <a href=\"/en-US/docs/Web/HTML/Element/iframe\"><code>&lt;iframe&gt;</code></a> <code>sandbox</code> attribute to allow or disallow usage of certain features inside the content embedded in the <code>&lt;iframe&gt;</code> — this includes things like downloads, form submissions, modals, and scripting.</p>\n </li>\n</ul>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> See <a href=\"https://web.dev/learn/privacy/third-parties/\" class=\"external\" target=\"_blank\">Third parties</a> over on web.dev for additional useful information on auditing and more.</p>\n</div>"}},{"type":"prose","value":{"id":"protect_user_data","title":"Protect user data","isH3":false,"content":"<p>You need to make sure that user data is transmitted and stored securely once you've collected it. This is more of a <a href=\"/en-US/docs/Web/Security\">security</a> topic, but it is worth mentioning here — a good privacy policy is useless if your security is lax and attackers can steal the data from you.</p>\n<p>The below tips offer some guidance on protecting your user's data:</p>\n<ul>\n <li>Security is hard to get right. When implementing a secure solution that involves data collection — particularly if it is sensitive data such as sign-in credentials — it makes sense to use a reputable solution from a well-respected provider. For example, any respectable server-side framework will have built-in features to protect against common vulnerabilities. You could also consider using a specialized product for your purpose — for example an identity provider solution, or a secure online survey provider.</li>\n <li>If you want to roll out your own solution for collecting user data, make sure you understand what you are doing. Hire an experienced server-side developer and/or security engineer to implement the system, and ensure it is tested thoroughly. Use multifactor authentication (MFA) to provide better protection. Consider using a dedicated API such as <a href=\"/en-US/docs/Web/API/Web_Authentication_API\">Web Authentication</a> or <a href=\"/en-US/docs/Web/API/FedCM_API\">Federated Credential Management</a> to streamline the client-side of the app.</li>\n <li>When collecting user sign-up information, enforce strong passwords so your user's account details cannot be easily guessed. Weak passwords are one of the main causes of security breaches. Encourage your users to use a password manager to generate and store complex passwords; this way they won't worry about remembering them, or create a security risk by writing them down.</li>\n <li>Don't include sensitive data in URLs — if a third party intercepts the URL (for example via the <a href=\"/en-US/docs/Web/HTTP/Headers/Referer\"><code>Referer</code></a> header), they could steal that information. Use <code>POST</code> requests rather than <code>GET</code> requests to avoid this.</li>\n <li>Consider using tools like <a href=\"/en-US/docs/Web/HTTP/CSP\">Content Security Policy</a> and <a href=\"/en-US/docs/Web/HTTP/Permissions_Policy\">Permissions Policy</a> to enforce a set of feature usage on your site that makes it harder to introduce vulnerabilities. Be careful when doing this — if you block usage of a feature that a third-party script relies on to work, you may end up breaking your site's functionality. This is something you can look into when auditing your third-party resources (see <a href=\"#carefully_manage_third-party_resources\">Carefully manage third-party resources</a>).</li>\n</ul>"}},{"type":"prose","value":{"id":"see_also","title":"See also","isH3":false,"content":"<ul>\n <li><a href=\"/en-US/docs/Web/Security\">Web security</a></li>\n <li><a href=\"https://web.dev/learn/privacy/\" class=\"external\" target=\"_blank\">Learn Privacy</a> on web.dev</li>\n <li><a href=\"https://developers.google.com/privacy-sandbox\" class=\"external\" target=\"_blank\">The Privacy Sandbox</a> on developers.google.com</li>\n <li><a href=\"https://www.mozilla.org/en-US/about/policy/lean-data/\" class=\"external\" target=\"_blank\">Lean Data Practices</a> on mozilla.org</li>\n</ul>"}}],"toc":[{"text":"Defining privacy terms and concepts","id":"defining_privacy_terms_and_concepts"},{"text":"Privacy features provided by browsers","id":"privacy_features_provided_by_browsers"},{"text":"Privacy considerations for client-side developers","id":"privacy_considerations_for_client-side_developers"},{"text":"Collect data ethically","id":"collect_data_ethically"},{"text":"Cut down on tracking","id":"cut_down_on_tracking"},{"text":"Carefully manage third-party resources","id":"carefully_manage_third-party_resources"},{"text":"Protect user data","id":"protect_user_data"},{"text":"See also","id":"see_also"}],"summary":"People use websites for several important tasks such as banking, shopping, entertainment, and paying their taxes. In doing so, they are required to share personal information with those sites. Users place a certain level of trust in the sites they share their data with. If that information fell into the wrong hands, it could be used to exploit users, for example by profiling them, targeting them with unwanted ads, or even stealing their identity or money.","popularity":0.0372,"modified":"2024-09-23T13:29:08.000Z","other_translations":[{"locale":"de","title":"Datenschutz im Web","native":"Deutsch"},{"locale":"ja","title":"プライバシー、権限、情報セキュリティについて","native":"日本語"}],"pageType":"guide","source":{"folder":"en-us/web/privacy","github_url":"https://github.com/mdn/content/blob/main/files/en-us/web/privacy/index.md","last_commit_url":"https://github.com/mdn/content/commit/392ce991114e55e2187510b640ab545d09258a16","filename":"index.md"},"short_title":"Privacy on the web","parents":[{"uri":"/en-US/docs/Web","title":"References"},{"uri":"/en-US/docs/Web/Privacy","title":"Privacy on the web"}],"pageTitle":"Privacy on the web | MDN","noIndexing":false}}</script></body></html>