Implementation details outside of Mixpanel opt-out page
What are the implementation details outside of the Mixpanel opt-out page?
Background
Mixpanel has a opt-out page https://mixpanel.com/optout/ . After sending "Yes, I would like to refuse". You presumably will not be tracked on any site that uses Mixpanel.
On the opt-out page, the "mp_optout" cookie is set to "1".
$(document).ready(function() {
if (mp.cookie.exists('mp_optout')) {
$('#optout').prop('checked', true);
}
$('#save_button').click(function() {
$('#saved_text').show();
if ($('#optout').prop('checked')) {
mp.cookie.set('mp_optout', 1, 9999, true);
} else {
mp.cookie.remove('mp_optout', true);
}
});
});
How does this setting end up linking to its javascript file, https://cdn.mxpnl.com/libs/mixpanel-2.2.min.js , to bypass tracking?
source to share
Even after the failure, Mixpanel still makes tracking requests to the server. You can see the mp_optout cookie sent with these requests:
You can view the undefined JavaScript file by removing ".min" from the url: https://cdn.mxpnl.com/libs/mixpanel-2.3.js
If you are looking for "optout" you will find this code:
var req = new XMLHttpRequest();
req.open("GET", url, true);
// send the mp_optout cookie
// withCredentials cannot be modified until after calling .open on Android and Mobile Safari
req.withCredentials = true;
Since they clearly want to make sure the mp_output cookie is sent, they are probably using it on the server to ignore the request and not store any data.
source to share