- Issue created by @jurgenhaas
- 🇩🇪Germany kgertz Konstanz
Just an idea that came into my mind about the (external) audit process (regarding the loaded resources and the domains they come from): we could use the user's browsers themselves as "monitoring system" by accessing the browser's Performance API
to evaluate the origins. This could be matched with a list of "allowed domains" in the sense of consent management. So we could, for example, send an alert back to Drupal if the browser detects the loading of a resource from host a when that host / service is not among the ones the user has given consent to.