Some time ago, the question arose if DNS prefetching is GDPR proof (or any privacy law whereby prior consent is necessary e.g. DSGVO). Does something happen during prefetching that might constitute the sharing and/or storage of analytics or personal data of the end-user?
What is DNS Prefetching?
When a browser starts parsing and subsequently loading/displaying the webpage, it will load external services and content that will be resolved by the domain name. For example, adding:
<link href=”https://fonts.googleapis.com/css2?family=Modak&display=swap” rel=”stylesheet”>
During this process, the link fonts.googleapis.com will be resolved to an IP address to complete the DNS resolution and render the service. DNS resolution might experience latency issues because you’re waiting for the servers to connect and communicate, and the service needs to wait.
What if you could start communicating with the server before the service needs to be rendered and optimize DNS resolution?
This is DNS prefetching. Before the service is loaded, DNS resolution has started to minimize latency between loading the service and contacting the server.
NB. Need a GDPR proof way of adding Google Fonts? Read this article to self-host fonts, no DNS resolution, or prefetch needed.
Is it GDPR Proof?
Yes. DNS prefetching does not share or store any personal data with an external server. In the above example, the prefetch will not reach googleapis.com. During the DNS resolution, it will only try to retrieve the IP address of the service. Resolving the domain googleapis.com to e.g., 123.000.123.0 is without delay and, therefore, is mostly used to optimize websites’ performance.