Netlify is exposing 'cwv-token' on production site, what is this?

daiana · March 14, 2024, 10:01pm

Site-id: e53ffd97-a873-4720-b467-e6ac975c9e49
Upon inspecting the website’s source code, I noticed the inclusion of a script from Netlify. This seems to be related to Real User Metrics, but I’m curious about the visibility of the ‘cwv-token’. I’m puzzled as to why it’s openly displayed when I haven’t implemented any code that would require it. Is concealing this token feasible, or is turning off Real User Metrics the sole solution?

Any guidance on this matter would be greatly valued. Thank you.

hrishikesh · March 15, 2024, 5:32pm

You enabled RUM and it’s required for that. None of that information is sensitive. Or if you’re too concerned, feel free to disable RUM.

daiana · March 18, 2024, 7:24pm

Thank you for the explanation. I was worried it involved sensitive details.