In short, it's your Google Analytics, your Facebook Connect, and any outside external services. Which services? They are the vendors and services you use to enhance your website, to provide your users with the best service and to monetize on it. Used for analytics, real-time chats, advertising or advance marketing; they are a must on almost every website today.

Third-party scripts are executed on the user's browser, basically after all layers of protection we have had concluded their work. Once loaded, these JavaScript components now have full access to our page, they are able to change them, access all information in them (including forms) and can even record keystrokes and save them. Because third-party scripts are hosted on a remote location, site owners are unable to monitor any changes made to them. If and when a third-party vendor is hacked and has its code change to hide malicious activity; we, as site owners are oblivious to it.

Good question, in fact, websites are doing such a good job today protecting all attack vectors that it becomes harder and harder to breach a websites security. In fact, some people think this is exactly why attacks through third-party scripts are rising. Our firewall, WAF, secure connection and many other solutions are focused on our servers and the communication between the browser and them; but as stated before, third-party scripts are executed on the user's browser but are called from a remote server, they are completely outside of our securities system's reach.

The "GDPR" or the "General Data Protection Regulation" is a set of rules and guidelines set by the EU union to protect the privacy of its citizens. Taking affect May 25th 2018, it states (in a nutshell) that a site is liable if any information able to identify an EU user is leakd outside of the EU, this also covers leaks or breaches made by third-parties used by websites. So, how can we help? As explained above (see "Why are third-party scripts dangerous?"), third-party scripts can access any field on the page, this includes any form a website has like login forms, registration forms and so on. These forms hold information that if leaked, will constituted a breach of the "GDPR". Source Defense's Vice is the only system today that allows a website owner to prevent third-party scripts from accessing sensitive areas and can protect such information.

Source Defense's Vice was built to be "transparent" to your third parties, we require no special cooperation in order to work with them.

Source Defense's Vice allows you, as a website owner to set policies for each of the third-parties running on your website. Deciding which areas of your site they can read, where they can write to and what they can change. All of this is enforced in real time, for the first time you have complete power of what a foreign JavaScript can do on your website.

Malvertising (a portmanteau of "malicious advertising") is the use of online advertising to spread malware. Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.