Crossing Cross-Domain Paths in the Current Web

TL;DR

This paper investigates the prevalence and characteristics of cross-domain TCP connections in the current web, revealing their commonality, encryption practices, and associations with advertising, social media, and cloud services.

Contribution

It provides a comprehensive analysis of cross-domain TCP connections across a large dataset, highlighting their frequency, content encryption, and domain associations, which enhances understanding of web dependencies.

Findings

Cross-domain connections are extremely common.

Most transmit encrypted content, but mixed content delivery occurs.

Many connections trace to social media and cloud domains.

Abstract

The loading of resources from third-parties has evoked new security and privacy concerns about the current world wide web. Building on the concepts of forced and implicit trust, this paper examines cross-domain transmission control protocol (TCP) connections that are initiated to domains other than the domain queried with a web browser. The dataset covers nearly ten thousand domains and over three hundred thousand TCP connections initiated by querying popular Finnish websites and globally popular sites. According to the results, (i) cross-domain connections are extremely common in the current Web. (ii) Most of these transmit encrypted content, although mixed content delivery is relatively common; many of the cross-domain connections deliver unencrypted content at the same time. (iii) Many of the cross-domain connections are initiated to known web advertisement domains, but a much larger share traces to social media platforms and cloud infrastructures. Finally, (iv) the results differ slightly between the Finnish web sites sampled and the globally popular sites. With these results, the paper contributes to the ongoing work for better understanding cross-domain connections and dependencies in the world wide web.