Sensitive data sent to Google Tag Manager detected.
- Rule ID: javascript_third_parties_google_tag_manager
- Languages: javascript
- Source: google_tag_manager.yml
Description
Leaking sensitive data to third parties is a common cause of data leaks and can lead to data breaches. This rule looks for instances of leaking sensitive data to third parties using google tag manager.
❌ Avoid sending sensitive data to third parties:
datalayer.push({
user: {
email: user.email
}
})
✅ If you need to identify a user, ensure to use their unique identifier instead of their personal identifiable information:
datalayer.push({
user: {
uuid: user.uuid
}
})
Resources
Associated CWE
OWASP Top 10
Ready to take the next step? Join the Bearer Cloud waitlist.