We are occasionally asked if we can embed site-wide code for third-party tools, such as those for web screen reading or analytics. While we understand the use case, we take security very seriously and third-party plug-ins or code applied across the site could risk the security or functionality of our applications.
What kind of things could the addition of these tools do?
a) They could prevent normal operation of a system by making unexpected changes (Availability)
b) Depending on how you have them set up and their purpose, they could potentially change your response data or omit some of it (Integrity)
c) They may also be able to read all the content on the page, if this is what they are designed to do - this may be in breach of local data protection regulations (Confidentiality)
As these are third-party tools, we have no control over what they may do when embedded into our software. Depending on the configuration (in most cases set by you or the external company) these may do one or all of the above and we are powerless to know what changes they may be making, therefore we are unable to support them.
For all of these reasons we'd ask you to think very carefully indeed before opening up your website to potential risks. If you do still wish us to embed third-party code across your site then we will do so as the site is yours, however this will be at your own organisation's risk and will invalidate your SLA with us should it be the cause of any disruption or loss of service/data.
To date, a couple of tools we have been asked to embed have been accessibility-related, and we completely agree with the desire to deliver accessible websites. Our products are all tested for accessibility and are designed to meet W3C WAI WCAG 1.0 & 2.0 Level AA. By following these standards, all our software should be compatible with recent versions of accessibility tools such as screen readers, speech recognition software, operating system accessibility tools such as screen magnifiers, and browser tools such as screen zoom and keyboard navigation - as such, they should not require additional plug-ins or third-party code.
However, we welcome feedback and if anyone is having trouble using any of our products we would like to know so that we can make improvements. Please use the support link at the top of this page to get in touch.
If you wish to collect analytics data - rather than using a tool like Google Tag Manager, which allows code to be injected into a site and controlled externally - the use of standard Google Analytics tracking is better for this task. While we cannot recommend you use any analytics tools without proper thought and care, you can find out more information about Google Analytics on the Google website or in these articles we've written to help you: