An organization with a primary digital product that lacks even basic data security practices is living in a Utopian world where people leave their safe open and never expect a burglar to walk in. With the advent of SaaS, companies are relying more on more on third-party services for CDNs, analytics, recommendations, loyalty, advertisements, email marketing, etc. But not so much effort is being put in ensuring what data is being shared with these third-parties. As an example: The URL is the most commonly tracked piece of information, the innocent choice to structure a URL based on page content can make it easier to learn a users’ browsing history, address, health information or more sensitive details. They contain sensitive information or can lead to a page that contains sensitive information. But just by adding a simple code snippet in our webpage, for analytics, fonts, etc is enough to leak sensitive data. This talk will focus on creating awareness among developers: How websites are leaking sensitive data with third-parties, how can we audit our apps, to detect such leaks and how we can prevent leaks of sensitive data to third-parties.