Web Design / HTML
  1. Home
  2. Computing & Technology
  3. Web Design / HTML

Are favicons a security risk?

By Jennifer Kyrnin, About.com Guide

Question: Are favicons a security risk?
Answer:

In general, using the favicon.ico on your Web pages does not pose a security risk, but there are some issues you should be aware of:

  1. Do not call your favicon.ico with a javascript in the link tag. This could be used to run or install malicious software. (Source Mozilla Foundation Security Advisory 2005-37
  2. There is an issue with the Opera browser 7.5 (and lower) that allows information to be spoofed through the favicon. This doesn't affect Web developers, but rather Opera users themselves. (Source: Secunia
  3. There is a concern that the fact that the favicon was originally requested primarily when a customer bookmarked the site that this could allow Web developers to track who was bookmarking their sites and possibly build profiles of their users. This would invade the privacy of anyone bookmarking a site with Internet Explorer. However, this issue has become less serious now that numerous browsers request the favicon immediately upon entering a site to load it in the address bar or tab bar. (Source: Security Information Week
Explore Web Design / HTML
About.com Special Features
Family Tech Center

Stay connected and entertained with reviews on tips on the latest HDTVs, cellphones and more. More >

Connect Your Home Computers

Easy ways to connect two computers for networking purposes. More >

Web Design / HTML
  1. Home
  2. Computing & Technology
  3. Web Design / HTML
  4. HTML and XHTML
  5. Advanced HTML Tutorials
  6. Favicon
  7. Are favicons a security risk?>

©2009 About.com, a part of The New York Times Company.

All rights reserved.