Second You — Data Shield

Identity

0 / 10 acted on

Birthdate precision

identity.birthdateeasy

— not observed —

Gender inferred from name

identity.gender_inferredeasy

— not observed —

Employer from Referer / office ASN

identity.employment_from_asneasy

— not observed —

Hashed email (SHA-256) cross-site ID

identity.hashed_emaileasy

— not observed —

Unified ID 2.0 token in bidstream

identity.uid2_tokeneasy

— not observed —

Email → profile reverse lookup

identity.email_reverse_lookupmedium

— not observed —

Gravatar probe

identity.gravatar_probeeasy

— not observed —

Disposable-email detection

identity.disposable_emailhard

— not observed —

Phone carrier + line-type lookup

identity.phone_carrier_lookupeasy

— not observed —

IP reputation / risk score

identity.ip_reputationhard

— not observed —

Fingerprint

7 / 21 acted on

2 leaked

http.user_agent

User-Agent headereasy

used by every CDN, GA4, Meta

— not observed —

http.accept_language

Accept-Language headereasy

— not observed —

http.client_hints

Sec-CH-UA client hintsmedium

[browser-controlled]

— none —

[browser-controlled]

Couldn’t block

http.sec_gpc

Sec-GPC / DNTeasy

— not observed —

navigator.user_agent

navigator.userAgenteasy

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

navigator.platform

navigator.platformeasy

MacIntel

Win32

navigator.languages

navigator.languages[]easy

— not observed —

navigator.hardware_concurrency

navigator.hardwareConcurrencyeasy

12

4

navigator.device_memory

navigator.deviceMemoryeasy

16

8

screen.resolution

screen.width / screen.heighteasy

width=1728

width=2560

window.device_pixel_ratio

window.devicePixelRatioeasy

2

1

intl.timezone

Intl timezoneeasy

used by FingerprintJS, DataDome, every fraud SDK

— not observed —

canvas.fingerprint

Canvas 2D fingerprintmedium

used by FingerprintJS, DataDome, Cloudflare…

— not observed —

webgl.renderer

WebGL UNMASKED_RENDERERmedium

used by Stripe Radar, PayPal fraud, FingerprintJS Pro

ANGLE (Apple, ANGLE Metal Renderer: Apple M2 Pro, Unspecified Version)

ANGLE (Apple, Apple M2, OpenGL 4.1)

audio.fingerprint

AudioContext fingerprintmedium

— not observed —

fonts.enumeration

Installed font listmedium

— not observed —

storage.cookies_1p

First-party cookieseasy

GET www.instagram.com

— none —

GET www.instagram.com (cookie=441b)

storage.cookies_3p

Third-party cookieseasy

GET static.cdninstagram.com

— none —

GET static.cdninstagram.com

storage.local_storage

localStorage / sessionStorageeasy

a19j42:1776590525323

— none —

a19j42:1776590525323

network.webrtc_local_ip

WebRTC local IP leakmedium

— not observed —

network.ja4_tls

JA4 TLS fingerprintimpossible

used by Cloudflare, Akamai, DataDome

[site-visible]

— none —

[site-visible]

Couldn’t block

Session replay

0 / 6 acted on

3 out of reach

replay.full_dom

Full DOM session playbackimpossible

used by FullStory, Microsoft Clarity, Hotjar…

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

replay.mouse_trajectory

Mouse trajectory heatmaphard

— not observed —

replay.rage_clicks

Rage clickseasy

— not observed —

replay.form_input_unmasked

Form-input capture (unmasked fields)impossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

replay.typed_then_deleted

Typed-then-deleted textimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

replay.clipboard

Clipboard / copy eventsmedium

— not observed —

Biometric

0 / 3 acted on

2 out of reach

biometric.keystroke_dynamics

Keystroke dwell + flight timingimpossible

used by BioCatch, TypingDNA, ThreatMetrix…

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

biometric.mouse_dynamics

Mouse dynamics (micro-movements)impossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

biometric.paste_vs_type

Paste-vs-type on sensitive fieldsmedium

— not observed —

Behavioral

0 / 2 acted on

behavioral.pause_before_scroll

Pause-before-scroll (hesitation)hard

— not observed —

behavioral.exit_intent

Exit-intent triggereasy

— not observed —

Purchase intent

0 / 5 acted on

2 out of reach

meta.pixel.view_content

Meta Pixel ViewContentmedium

— not observed —

meta.pixel.add_to_cart

Meta/Google/TikTok AddToCartmedium

— not observed —

meta.pixel.purchase

Meta Pixel Purchase + CAPIimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

meta.custom_audience

Custom-audience silent tagginghard

— not observed —

purchase_intent.realtime_score

Real-time purchase-intent scoreimpossible

used by Dynamic Yield, Bloomreach, Adobe Target…

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

Analytics

0 / 6 acted on

ga4.page_view

GA4 page_vieweasy

— not observed —

ga4.engagement_time

GA4 engagement_time_msechard

— not observed —

ga4.scroll_depth

Scroll-depth milestones (25/50/75/90%)medium

— not observed —

ga4.site_search

Site-search query stringmedium

— not observed —

analytics.utm_params

Referrer + UTM sourceeasy

— not observed —

analytics.ab_exposure

A/B experiment variant exposureeasy

— not observed —

Social graph

0 / 4 acted on

2 out of reach

oauth.google_basic

Google OAuth basic scopesimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

oauth.facebook_basic

Facebook Login (public_profile + email)impossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

social.contact_upload

Contact-list uploadeasy

— not observed —

social.photo_exif

Photo EXIF metadataeasy

— not observed —

Location

0 / 3 acted on

1 leaked

network.ip_address

IP addresshard

[site-visible]

— none —

[site-visible]

Couldn’t block

location.geolocation_api

HTML5 Geolocation API (precise)easy

— not observed —

location.ip_geo

IP-based geolocationhard

— not observed —

Cross-device

0 / 3 acted on

crossdevice.probabilistic

Probabilistic cross-device (IP + UA + FP)medium

— not observed —

crossdevice.click_ids

Ad click IDs (gclid, fbclid, ttclid, msclkid)easy

— not observed —

crossdevice.meta_fbp_capi

Meta Pixel _fbp + Conversions APIeasy

— not observed —

Denmark-only

0 / 8 acted on

7 out of reach

dk.cpr_number

CPR number (DDMMYY-XXXX)easy

used by every DK bank, A-kasse, insurer…

— not observed —

dk.mitid_oidc

MitID OIDC loginimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

dk.mitid_erhverv

MitID Erhverv (business)impossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

dk.mobilepay_trail

MobilePay transaction trailimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

dk.rejsekort_log

Rejsekort check-in logimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

dk.sundhed_health_graph

Sundhed.dk health graphimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

dk.eboks_digital_post

e-Boks / Digital Post metadataimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

dk.cvr_lookup

CVR public register lookupimpossible

— none —

— we cannot substitute this —

— nothing sent —

Out of reach · platform limit

Ledger · www.instagram.com

Identity

Fingerprint

Session replay

Biometric

Behavioral

Purchase intent

Analytics

Social graph

Location

Cross-device

Denmark-only