If you’ve noticed unfamiliar or suspicious looking scripts or cookies appearing in your Cookie Consent Discovered section, especially ones like inject.js, loader.js, or items from domains you don’t recognize, you’re not alone. These discoveries often don't come from your site, and they don’t necessarily indicate a security issue with your platform.
Osano’s real-time scanning engine is designed to be thorough, and sometimes that means detecting scripts from sources outside your control.
This FAQ is designed to help you understand why unfamiliar or suspicious scripts sometimes appear in the Discovered section and how to handle them safely using Osano.
Why am I seeing scripts I didn’t add?
Osano’s scanning engine doesn’t just check the files hosted on your servers. It observes what tries to run in the browser during a real user’s session. That includes:
- Browser extensions (some of which can be malicious or adware-related, while others are benevolent like translation tools)
- Tag managers or other third-party tools that dynamically inject code
- Conditional content that loads based on behavior, geolocation, or A/B testing
- Scripts loading on other sites that have scraped your content, including Osano.js
So even if a script isn’t on your site, Osano may detect it because it’s trying to load in your users’ browsers while they’re visiting your page.
Does this mean my site has been hacked?
In most cases, no, there’s usually a harmless explanation.
The majority of these detections are caused by:
- Extensions or malware on the end user’s browser
- Scraping tools or bots visiting your site
- Third-party scripts dynamically loading content
These items typically aren’t present on your page source or server. They’re detected because Osano.js scans the browser environment during a visit, not just the static page code. This is actually beneficial, as it allows Osano to detect real-time behavior in the browser that might otherwise go unnoticed.
What should I do if I see one of these?
Here are some steps you can take when unfamiliar or suspicious items show up:
1. Use “Clear & Publish”
If you suspect the discovery was a one-off (perhaps triggered by a user's browser extension) go ahead and publish using the Clear and Publish option to delete the discoveries from your configuration entirely. If it doesn’t return, it was likely a fluke.
2. Ignore or Blocklist the Script
If the script continues to appear:
- Use Ignore if it’s confirmed harmless or unavoidable.
- Use Blocklist if you want to ensure the script is prevented from running on users’ browsers when they visit your site. Blocklisting is especially effective for third-party injection attempts or adware/malware sources. It adds an extra layer of protection for your site's users even if the source isn’t part of your page.
3. Inspect with Developer Tools
Use your browser’s Network tab in Developer Tools to investigate further. If you see that the script is loading only in specific scenarios (or not at all when visiting your own site) it’s likely external to your infrastructure. We also have additional info about researching JavaScript here: Verifying and Researching Unknown JavaScript (JS)
Are these scripts affecting my users?
That depends:
- If the script is injected via a user’s own browser extension, it only affects that user, not your wider audience.
- If it’s loaded dynamically by a third party, it might impact anyone visiting your site, though only under certain conditions.
In either case, Osano helps you stay proactive. By detecting and giving you control over these discoveries, you can choose to block or classify them, even if they weren’t part of your original site code.
What’s the best way to prevent this?
While you can’t always control what happens in your users’ browsers, you can:
- Blocklist suspicious domains to stop scripts from running
- Review Discovered items regularly to ensure items like these aren't missed
- Use the Ignored section and Clear and Publish functionalities wisely to reduce noise
Recap
Osano’s scanner sees everything trying to run in the browser, not just what you host. That means you might see items injected by browser extensions, automation tools, third-party and conditional scripts, and external scrapers.
These findings are common, not a sign your site is compromised, and Osano gives you tools to handle them safely. If you’re unsure whether something poses a real risk, feel free to reach out to your site's technical team, or contact Osano Support for additional guidance.
Related to