Und sie läuft nichtmal, wenn man nur lokale Scripte zulässt.
jquery is permitted only to be stopped by Decentraleyes, which reroutes the request locally to deliver jquery from a browser-local source.
Not the best option, but at least the attackvector is not at jquery at that moment. You have to trust the AddOns-Source, though.
@alsternerd at least those listed are providing content delivery service making the site faster and possibly cheaper to operate....
@saper jquery isn't needed to be embedded from another site, as well as these CDNs. googletagmanager, also isn't needed.
And that there is more than one CDN involved tells me, that some of those embedded scripts load ressources from them.
@saper Also the site is a very static one, if it weren't for the JS, which could also be solved otherwise. It should be no problem to simply deliver the user to another server/IP if there is a need for load balancing.
@saper But yes, it's easier to embed third party stuff. That's why the web is the desaster we have, right now.
@alsternerd I generally don't embed things from random CDNs... just serve it from my own server
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!