What Are Piggybacking Tags and What Threats Do They Pose?
August 8, 2018|
People worry. They worry they’ll go bald. They worry they’ll drop their wedding ring down the drain. They worry they’ll swallow a spider in their sleep. Worrying is just something we do.
And something digital marketers worry about is piggybacking tags.
For religious digital marketers, worrying about piggybacking tags is the emotional equivalent of worrying you left the stove on and your kitchen is slowly ascending into flames. The feeling may not be quite as intense, but you get the idea.
So piggybacking tags are bad, right? They’re something we should worry about, right?
Yes, but there’s no need to get an ulcer over it. Anyways, you can’t afford the sick days right now.
Piggybacking tags can pose a threat to the integrity and security of your website data—but the threat is very preventable if you’re willing to take the right course of action.
But first, let’s give a face to the adversary we’ve been defaming.
What Is a Piggybacking Tag?
Piggybacking tags are tags invoked by another tag (often called a container tag). Tags are those snippets of code your analytics and martech vendors have you install on your site so they can collect the data they need to operate.
One form of container tag you’re probably familiar with is the TMS container snippet. While not usually considered in the context of tag piggybacking, in function your tag management’s container snippet deploys piggybacking tags. Any tag that acts as a container for other tags uses piggybacking.
Piggybacking tags are most prevalent in the ad-serving community as a way for one ad server’s tag to invoke tags from other servers—allowing multiple tags to collect data without having to implement each individually.
So in reality, piggybacking is common and can be quite useful, when used appropriately. But when mishandled, it can get out of control.
What Dangers Do Piggybacking Tags Pose?
Piggybacking tags can become dangerous because third parties can gain access to your website data. And the effect can snowball: one vendor deploys a container, which deploys another container, and so on. As piggybacking tags daisy-chain downward with more and more tags, the following threats increase in likelihood:
Data leakage. Data leakage is the transmission of website data to an unauthorized party. As more and more tags appear on your site, more parties have access to your data, increasing the likelihood that your data could fall into the wrong hands.
Slow load times. Each piggybacking tag means an additional request to a server somewhere, increasing the load on your visitor’s connection and constricting bandwidth. The result: a slow website. Not ideal.
Data loss. Related to slow website load times, if your tags can’t load fast enough due to conflicting piggybacking tags, you risk losing customer data.
Non-compliance. Especially in the wake of GDPR, it’s important to make sure that data collection complies with both internal and external controls. Non-compliant data collection is more likely to happen if your website is heavy on piggybacking.
Some Ways to Detect Tag Piggybacking
Like I said, not all piggybacking is bad. Still, it’s worrisome mainly because of the hidden nature of it: How can you really know if piggybacking is a problem on your site?
There are some measures you can take. First of all, you’ll want to double check with any agencies whether or not the tags they deploy invoke other tags. Press them for this information, because you have the right to know.
Once you’ve identified potential piggybacking tags (and worked with your vendors to ensure they only deploy approved tags), you will also want to look for any rogue tags, either from past agencies or a legacy implementation.
The hard way to identify potential piggybacking tags is to use your browser’s developer tools to look through network requests and try to identify which calls aren’t hard-coded into your page. But there’s a better way.
If you’re a small-scale organization, then the freemium TagDebugger can help you see which tags are on a page and then you can infer which might be instances of piggybacking.
If you want to take things a step further, you can use an enterprise-grade tool like ObservePoint’s Tag Hierarchy to map out which tags invoke other tags. Tag Hierarchy can drastically simplify the process of discovering tags and seeing how they arrived on your site.
To learn more, schedule a demo with ObservePoint. Then you can stop worrying about piggybacking tags.