Summary
Google Analytics tracking ID is visible in configuration file even though analytics is disabled.
Location
_config.yml (line 82)
Description
The configuration file contains a Google Analytics tracking ID:
analytics:
provider: false
google:
tracking_id: UA-XXXXXXXX-XWhile analytics is disabled (provider: false), the tracking ID is still present in the repository.
Impact
- Competitor Analysis: Competitors could identify and monitor the analytics account
- Spam Risk: Tracking ID could be used to send spam data to the analytics account
- Information Disclosure: Reveals analytics infrastructure even when not in use
Impact is minimal but represents unnecessary information exposure.
Remediation
Remove or redact the tracking ID if analytics is not in use:
analytics:
provider: false
google:
tracking_id: "" # or remove line entirelyIf analytics will be re-enabled, consider using environment variables for the tracking ID.
Priority
P3 (Low) - Informational disclosure only
References
- Information disclosure best practices
Summary
Google Analytics tracking ID is visible in configuration file even though analytics is disabled.
Location
_config.yml(line 82)Description
The configuration file contains a Google Analytics tracking ID:
While analytics is disabled (
provider: false), the tracking ID is still present in the repository.Impact
Impact is minimal but represents unnecessary information exposure.
Remediation
Remove or redact the tracking ID if analytics is not in use:
If analytics will be re-enabled, consider using environment variables for the tracking ID.
Priority
P3 (Low) - Informational disclosure only
References