Session Replay Scripts Could Be Leaking Sensitive Data

Websites running tracking scripts could be inadvertently gathering your sensitive information. Websites use “session replay scripts” to view your mouse movements and keystrokes while you visit their pages. If you type sensitive information like credit card numbers or passwords, you could be unknowingly sharing this information. Over 400 of the most popular websites record your keystrokes, according to a Princeton research study.

Publishers use session replay or recording scripts to “create a ‘video’ of all of a user’s actions on a site. Publishers can later review the videos.” They use these videos to see how users interact with their content and to then make their websites more user-friendly.

How Session Replay Records Every Keystroke and Mouse Movement

The Privacy Issues with Session Recording

This tracking method is often used on pages where users enter sensitive information like passwords, social security numbers, or credit card numbers. While many of the products used for session replay redact sensitive information, it isn’t always automatic and some information falls through the cracks.
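One way a site owner could audit a form for the redaction gap described above, as an added example that is not part of the original article. The field list is constructed sample data, and the "mask only password inputs" rule is an assumed simplistic policy, not the behaviour of any particular session replay product.

```javascript
// Added example: find sensitive form fields that a password-only masking
// rule (an assumed, simplistic redaction policy) would record in the clear.

// autocomplete tokens defined by the HTML standard that mark sensitive data
const SENSITIVE_AUTOCOMPLETE = new Set([
  "cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year",
  "current-password", "new-password", "one-time-code",
]);

// Name/id heuristics for fields that carry no autocomplete hint
const SENSITIVE_NAME =
  /(pass(word|wd)?|pwd|ssn|social|card|cc-?num|cvv|cvc|security-?code)/i;

// Assumed naive redaction rule: only <input type="password"> is masked.
function maskedByNaiveRule(field) {
  return (field.type || "text").toLowerCase() === "password";
}

function isSensitive(field) {
  const tokens = (field.autocomplete || "").toLowerCase().split(/\s+/);
  if (tokens.some((t) => SENSITIVE_AUTOCOMPLETE.has(t))) return true;
  if ((field.type || "").toLowerCase() === "password") return true;
  return SENSITIVE_NAME.test(`${field.name || ""} ${field.id || ""}`);
}

// Returns fields that hold sensitive data but would not be masked.
function findUnmaskedSensitiveFields(fields) {
  return fields.filter((f) => isSensitive(f) && !maskedByNaiveRule(f));
}

// Constructed sample: a checkout form with a "show password" toggle active
const sampleFields = [
  { name: "email", type: "email", autocomplete: "email" },
  { name: "password", type: "password", autocomplete: "current-password" },
  { name: "password_visible", type: "text", autocomplete: "off" },
  { name: "ccnum", type: "tel", autocomplete: "cc-number" },
  { name: "cvv", type: "text", autocomplete: "" },
  { name: "ssn", type: "text", autocomplete: "" },
  { name: "newsletter", type: "checkbox", autocomplete: "" },
];

console.log(findUnmaskedSensitiveFields(sampleFields).map((f) => f.name));
```

In a browser, the same check can be fed from `document.querySelectorAll("input, textarea")` by reading each element's `name`, `id`, `type` and `autocomplete` properties.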

Session replay gives marketers valuable insight into their customers. However, having their private information made public and visible is not in the customer's best interest.

Best Script Blocker Extensions

One quick and easy way to block these tracking scripts is to use browser extensions. These will prevent the tracking scripts from running, so the website won’t be able to track your movements and interaction with the website.

NoScript Security Suite

NoScript is an extension for Mozilla Firefox that blocks malicious scripts that could be used for tracking purposes. It blocks scripts, plug-ins and other code that could attack your system. Edward Snowden endorses NoScript Security Suite as a tool to fight Surveillance States.


ScriptSafe

ScriptSafe is like NoScript, but works for Google Chrome and other browsers. It has solid reviews and positive responses from its users online. ScriptSafe lets users easily switch the blocking on and off if they want to temporarily allow some feature to load. It was recently updated to be more intuitive and user-friendly. ScriptSafe also uses a privacy by design model, which means it uses a “block first, ask later” approach. As a result, ScriptSafe may block some websites you visit regularly by default.