U.S. Presidential Campaign Lacks Security

Candidate Websites Filled with Unmanaged Third-Party Code

Insight into how candidates’ campaign websites meet industry best practices for security and data privacy. View the data summary below and download the full report.

Unmanaged third-party code on candidate websites creates risk for consumers. When browsing these sites or making a donation, consumers are exposed to suspicious activity and unnecessary collection of their personal and financial information.

Campaign websites do not meet industry
best practices for security and data privacy.



Executing code from digital third-party vendors


Domains present malicious or suspect activity


Klobuchar’s cookie use is significantly larger than the other candidate websites


Security incidents exposed consumers to adware or typically unwanted programs



Code on the payment pages had zero relevance to the purchase transaction


Code on Booker donation page is NOT relevant to payment processing


Candidates tracking for 20 years or more. All candidates allow tracking of consumers


Distinct data tracking technologies execute on Warren’s donation page. These entities could gain access to consumer payment information.

Controlling Your Digital Ecosystem

To defend against attacks and the misuse of consumer information, every enterprise needs to safeguard their websites or mobile apps. Specifically, they should:

  • Continuously monitor the website from the consumer’s point of view to capture the entire code base involved in rendering each page
  • Understand the provenance of all executing code; digital vendors may have multiple domains performing different functions
  • Analyze the necessity for all code accessing consumer devices to minimize unnecessary data collection, and, as a bonus, realize improved page speed
  • Document, communicate and enforce operational policies with digital vendors to evaluate their compatibility and compliance with your requirements

BOTTOM LINE: Protecting Consumers is Your Responsibility

Candidates—like enterprises—are responsible for the code their websites and mobile apps put on consumer devices. To protect consumers, partners and clients from harm, enterprises need to control the code that executes via their owned digital assets. What’s your website’s attack surface? Request a digital risk scan today.

Get Your FREE Digital Risk Scan