Perhaps I am missing something, but I am just learning javascript.
My understanding of Single Origin Policy is that Google Analytics should not be able to send data back to Google.
How is it able to transmit send data to Google without violating the policy?
They, not Google, control what data is collected and how it is used. They retain ownership of the data they collect using Google Analytics, and Google only stores and processes this data per their instructions — for example, to provide them with reports about how visitors use their sites and apps.
When the tracking code loads on the page, a hit is generated and then sent to Google Analytics. This hit gathers all of the known information about the user at that exact moment in time – a snapshot of information. This information is transmitted every time a hit is sent to GA.
Google Analytics is a platform that collects data from your websites and apps to create reports that provide insights into your business.
From what I can tell, a webpage includes the JavaScript file from Google, then that script dynamically adds an image to the page (http://www.google-analytics.com/__utm.gif) which contains the information required for logging.
SOP does not apply to scripts, images or CSS files that are dynamically added to a page. This is why you much trust whatever JavaScript files you include in your webpages, as they will have complete control over the page.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With