Block online tracking on site

Question

1. Summary

I can't find how I can prevent online tracking on my site, if site visitors don't have any blocking tools.

2. Limitations

I have a static site. It would be nice if any solutions for JavaScript include JQuery and/or any other libraries; But not solutions for dynamic sites.

3. Details

I include to my site third-party frames, videos, widgets and so on, that can include analytics scripts. I don't want visitors of my site to be tracked. I want to block requests.

Visitors of my site can install some browser extension, that prevents online tracking. But users without browser extensions will be tracked.

Is it possible prevent analytics scripts for any modern browser, if the user doesn't have browser extensions or another method for blocking monitoring? If so, what can I do?

4. Example

Simply HTML file Sasha__JavaScript--BlockRequests.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Document</title>
    <script src="https://mc.yandex.ru/metrika/watch.js"></script>
    <script src="https://secure.quantserve.com/quant.js"></script>
    <script src="https://secure.gaug.es/track.js"></script>
</head>
<body>

</body>
</html>

I want it so that requests to any URL containing these domain names will be blocked (I use glob patterns in examples):

(In reality, I need to prevent online tracking also for some sites from this list)

It's possible, if visitor use Privacy Badger extension:

Privacy badger prevent tracking

Is it possible, if user doesn't have any extension?

5. Not helped

I found an answer, how, possibly, I can disable own tracker. But I don't use any own analytics, all tracking scripts in my site include the third-party site elements.
I found an answer, how, possibly, I can disable specific tracker. But:
1. I can't find solutions for specific trackers
2. It would be nice to have solution, that will not rely on the settings of a specific tracker
I tried to read more about AJAX, AjaxQ, but I can't find how I can solve my problem.

6. Do not offer

Please don't tell me, I shouldn't interfere with third-party monitoring. I don't approve of any tracking; see my opinion in article Why online tracking is bad.

@B001ᛦ, please, specify, which Stack Overflow rules violate my question. Thanks. — Саша Черных, May 17 '18 at 08:06
@Raptor, can you add an example, how I can apply it on static site? For example, I try add it [**as another HTTP headers**](https://stackoverflow.com/a/36159813/5951529) — [**example**](https://codepen.io/Kristinita/pen/zjmVBB). Requests [**doesn't block for me**](https://s.codepen.io/Kristinita/debug/zjmVBB/DqrDdKJgNOPr). Thanks. — Саша Черных, May 17 '18 at 08:34
Your first link is for caching, not related to tracking; 2nd link is dead. — Raptor, May 17 '18 at 09:24
@Raptor, **Status: incorrect data**: `Your first link is for caching, not related to tracking` — not only for caching, 3 examples for HTTP headers in HTML on this page. But this is not suitable for my case. `2nd link is dead` — [**second**](https://tools.pingdom.com/#!/clXnOd/https://codepen.io/Kristinita/pen/zjmVBB) (and [**third**](https://tools.pingdom.com/#!/cnqoCF/https://s.codepen.io/Kristinita/debug/zjmVBB/ZorBaKBzexzM)) links not dead. Thanks. — Саша Черных, May 17 '18 at 13:00

score 2 · Answer 1 · answered May 17 '18 at 08:07

2

I think you could achieve this by using a Content Security Policy header script-src in the responses which only whitelists the allowed domains. That way the tracking scripts should be blocked by the browser.

answered May 17 '18 at 08:07

brass monkey

5,841
10
36
61

**Status: Not fixed** for me. **Summary**: Sources in ` – Саша Черных May 17 '18 at 12:44
I see, the scripts loaded in the iframe don't get blocked. I'm not quiet sure but maybe you can try to use sandbox attribute on the iframe https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox – brass monkey May 17 '18 at 13:56