Monday, 23 February 2015

A couple of requests with user@ in URL lead to "Policy breach notice" from Google AdSense

I've recently got an email from Google, saying that they are going to ban my AdSense account because I'm sending Personally Identifiable Information to them with my Google AdSense tag requests. It says that around 1% of requests from my website have a referrer of:


some_user@my_website.com/some/subpage


and they consider some_user@my_website.com to be PII (even though it can be completely made up, e.g. abcd1234@my_website.com). More on this here: http://ift.tt/1EoP2sw .


I never link to this kind of URL (the only form I use is my_website.com/some/subpage), but I guess my users sometimes enter it manually (since product-wise my website is providing an email service, it may seem reasonable by some logic).


I figured the URI some_user@my_website.com/some/subpage is legal since HTTP basic auth allows specifying a user like this. When I entered it manually into Firefox, some_user@ disappeared from the location bar, but in the Net panel of Firebug I can see all files are indeed requested from some_user@my_website.com/some/subpage, and that's how Google sees it too.


I thought that as a brute-force solution even something like:



if uri contains '@':
redirect to my_website.com


would do.


I'm using NGINX/UWSGI/Python Paste + JS. I've tried to implement the above condition both on server side and in JS, but my URI always says my_website.com/some/subpage even if I manually put some_user@my_website.com/some/subpage in the browser address bar.


I've also tried configuring basic_auth in NGINX to disallow providing any user but with no effect.


How do I get rid of these requests? How do I get the FULL URI (with some_user@) in JS? I tried document.URI and window.location.href but they didn't contain the user part...
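The question above hinges on the fact that "some_user@" is the userinfo component of the URL (RFC 3986), which the browser keeps apart from the host and path. The following is an added example, not code from the question or from any of the products it names: it uses the WHATWG URL API (available in browsers and Node.js) to detect and strip userinfo from a URL before it is handed to any third-party script, leaving '@' characters that sit in the query or fragment alone. The sample URLs are constructed for this example.

```javascript
// Added example (not part of the original question). Detect and remove the
// RFC 3986 userinfo component ("user" or "user:pass" before '@') from a URL
// using the WHATWG URL API, so that a page or referrer URL can be canonicalised
// before it reaches a third-party tag. Constructed sample URLs stand in for
// the question's my_website.com.

// Return the userinfo part ("user" or "user:pass"), or "" when there is none.
function userinfoOf(rawUrl) {
  const u = new URL(rawUrl);
  if (!u.username && !u.password) return '';
  return u.password ? `${u.username}:${u.password}` : u.username;
}

// Return the same URL with userinfo removed. '@' characters in the path, query
// or fragment (e.g. ?contact=a@b.com) are not userinfo and are left untouched,
// because the URL parser only treats '@' as a delimiter inside the authority.
function stripUserinfo(rawUrl) {
  const u = new URL(rawUrl);
  u.username = '';
  u.password = '';
  return u.href;
}

// Sample inputs (constructed for this example).
const samples = [
  'http://some_user@my_website.com/some/subpage',   // userinfo present
  'http://user:secret@[::1]:8080/p?x=1#frag',      // IPv6 host, port, password
  'http://my_website.com/search?contact=a@b.com',  // '@' only in the query
  'http://my_website.com/some/subpage',            // already clean
];

for (const s of samples) {
  console.log(`${s}\n  userinfo=${JSON.stringify(userinfoOf(s))}\n  clean=${stripUserinfo(s)}`);
}
```

In a page, the same two functions can be run over document.referrer or location.href before a URL is passed on, which is a cheap way to confirm on the client side that no userinfo is being forwarded.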




