WO2021061933A1 - Content server for mapping a plurality of third-party entities and their interdependencies - Google Patents


Publication number
WO2021061933A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
content
information
content server
party
Prior art date
Application number
PCT/US2020/052420
Other languages
French (fr)
Inventor
Andrew Robinson
Alexi TUMARKIN
Original Assignee
Andrew Robinson
Tumarkin Alexi
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from PCT/US2019/052793 (WO2020068875A1)
Application filed by Andrew Robinson, Tumarkin Alexi
Priority to CA3116035A (CA3116035A1)
Priority to EP20868102.3A (EP3857857A4)
Priority to US17/210,451 (US20210211412A1)
Priority to US17/210,441 (US20210211403A1)
Publication of WO2021061933A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0201 Market modelling; Market analysis; Collecting market data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241 Advertisements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/01 Social networking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/53 Network services using third party service providers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/567 Integrating service provisioning from a plurality of service providers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/563 Data redirection of data network streams

Definitions

  • the present disclosure is related to computing systems that communicate over a network, and more specifically, to computing systems that receive, modify, and transfer data over a network.
  • e-commerce electronic commerce
  • end-users e.g., customers
  • computing devices that have operating system software that runs one or more Internet browsers (generally referred to as “web browsers” or simply “browsers”) that connect to and interact with websites run and managed by businesses over the World Wide Web (generally referred to simply as “the Web”).
  • web browsers Internet browsers
  • HTTPs hypertext markup language
  • HTML hypertext markup language
  • Web applications include content (such as, for example, end-user desired content, financial information, advertisement, health related information, music, videos, etc.), images, trackers, customer relationship management (“CRM”) services and business intelligence applications.
  • content, such as images and inline frames (i.e., HTML documents embedded inside another HTML document of a website known as “iframes”), located on servers controlled by second-party and/or third-party entities.
  • iframes inline frames
  • a browser loading an HTML webpage will contact these additional servers directly to satisfy external content dependencies within the webpage.
  • some of these Web apps are run by servers controlled and managed by the corresponding business hosting the website and some of the other Web apps are run off-site by second-party and/or third-party entities that control and manage these Web apps instead of the business hosting the website.
  • the end-user will be directed to a new website controlled and managed by a third-party entity that is not controlled by the first-party entity (i.e., the original business that controlled and managed the original website that the end-user accessed).
  • GDPR general data protection regulation
  • first-party entity refers to primary services such as businesses that run and manage websites and Web apps that end-users want to reach and utilize.
  • Second-party entities are first-party approved and agented parties (i.e., entities) that operate under the authority and act as an agent on behalf of the first-party.
  • entities that operate and manage websites delegate part of the content and/or functionality of the website to a second-party entity operating under a subdomain of the website managed and controlled by the first-party entity.
  • second-party entities include content delivery networks and same-site analytics services.
  • Such second-party entities are commonly obligated under contract to share data with the first-party and are controlled and configurable according to the preferences of the first-party.
  • third-party entities deliver services through their own distinct domains and have symbiotic relationships to websites of the first-parties. As such, first-parties only have circumstantial knowledge and control over the operations of the third-party entities. Examples of known third-party entities include cross-site social or advertising services.
  • the utilization of third-party entities results in possible security, privacy, and data unification issues that include, for example, data exposure, malware distribution and insertion, information leakage, and regulatory non-compliance.
  • Security and privacy issues arise as a result of the first-party entity not being able to control the third-party entity leading to an end-user and/or the first-party entity being susceptible to any privacy invading actions and/or security flaws at the third-party or malevolent acts performed by the third-party entity.
  • privacy invading actions include obtaining personal information from the end-user and utilizing it for purposes that the end-user and/or first-party entity did not intend.
  • This also includes loading programs on to the computing device of the end-user without the knowledge of the end-user and/or first-party entity.
  • malevolent acts include inserting malware on the computing device of the end-user without the knowledge and consent of the end-user.
  • the security issues include use of the information of the end-user that violates codes of conduct or even laws of certain jurisdictions and potential security vulnerabilities at the third-party entity that may allow an external party to enter the server of the third-party entity and compromise the information of end-users that accessed, or were part of, the customer data of the first-party entity leading to potential fraudulent activity against some of those end-users and the resulting financial liability of the first-party entity that allowed the compromising of that customer data.
  • third-party entities may unilaterally change the way that they do business with a first-party entity, preventing the first-party entity from properly monetizing or using data from their own customers (i.e., the end-users).
  • customer data i.e., data from the end-user
  • provider relationships i.e., first-party entity to third-party entity relationships
  • a compromised provider i.e., third-party entity
  • content is king in that the content of the website is what draws and engages end-users for all of the content of the publisher.
  • quality content equates to more end-users and more engagement for the website of the publisher.
  • the publisher needs to monetize this content whether through subscription, advertising or other means.
  • third-party entity tag and data nature of the advertising ecosystem is an attractive technology for monetizing this content because it allows fast integration and data sharing between multiple partners (i.e., the first-party entity and second-party and third-party entities); however, this advertising ecosystem may also become detrimental to the economic success of the publisher, when a third-party entity unilaterally decides to change what it is doing.
  • it becomes more difficult for the first-party entity to control data and transaction reliability and the end-user experience when the first-party entity utilizes redirects over the Internet to redirect end-users to new content producing or data recording and/or processing third-party entity servers that allow totally independent third-party entities to control the user experience of the end-user and may damage the relationship between the end-users and publisher.
  • the damage to the relationship may be the result of quality issues such as, for example, quality of service, latency delays, and security and privacy issues.
  • HTTP hypertext transfer protocol
  • the cookies and data cannot be assumed to be 100% reliable and could result in “lost” or “corrupted” data and/or indefinite delayed communications between the end-user and third-party entities.
  • In FIG. 1, a system block diagram is shown of an example of a known e-commerce communication system 100 between a computing device 102 and a plurality of Internet publishers 104, 106, and 108 over a public network 110 such as the Internet.
  • the computing device 102 may be, for example, a personal computer 112 (including a desktop, tower, or other similar devices), portable computer 114 (including a laptop, notebook, or tablet computer, or other similar devices), mobile device 116 (including a tablet, smartphone, or other similar devices), server 118, or other type of computing device capable of connecting to the plurality of Internet publishers 104, 106, and 108 over the Internet 110 such as video gaming consoles, or other smart devices.
  • the computing device 102 is operated by an end-user 120 via a browser 122 running on the display screen 124 of a video display 126 of the computing device 102.
  • the plurality of Internet publishers 104, 106, and 108 are each first-party entities that contain information that the end-user 120 desires access to.
  • the end-user 120 enters an Internet address of a publisher of the plurality of Internet publishers 104, 106, and 108 into an address line 128 of the browser 122.
  • that Internet address may direct the computing device 102 to a first publisher 104, via signal path 129, that runs a website 130.
  • the website 130 will include blocks 132 of data and/or content, some of which the end-user 120 desires to access.
  • Once the browser 122 connects to the website 130 of the publisher 104, the browser 122 will display the website 130 within a webpage 134 produced by the browser 122.
  • the webpage 134 will display blocks 136 of data and/or content that may be the same or related to the blocks 132 on the website 130.
  • some of the blocks 132 on the website 130 may be produced by the publisher 104 and some of the other blocks 132 may be produced by second-party and/or third-party entities (i.e., entities that are not the publisher 104).
  • some of the blocks 136 on the webpage 134 may be produced by the publisher 104 and some of the other blocks 132 may be produced by second-party and/or third-party entities.
  • some of the blocks 136 of the webpage 134 may be different than the blocks 132 of the website 130 because blocks 136 of the webpage 134 may be personalized to the computing device 102 and/or end-user 120.
  • Examples of the plurality of Internet publishers 104, 106, and 108 may include financial institutions (i.e., banks, investment firms, etc.), health providers, on-line retailers, news agencies, search engines, cloud computing services, on-line games, media content providers, etc.
  • In FIG. 2, a system block diagram is shown of an example of the known e-commerce communication system 100 shown and discussed in relation to FIG. 1 with second-party entities 200 and third-party entities 202.
  • the publisher 104 is again shown in signal communication with the computing device 102 via the signal path 129 (shown in FIG. 1) that runs through the Internet 110.
  • the publisher 104 is also shown to have relationships with, for example, a specific second-party entity of the second-party entities 200 and three or more third-party entities 204, 206, and 208.
  • the relationships between the publisher 104 and the second-party entity of the specific second-party entities 200 and the three or more third-party entities 204, 206, and 208 are shown as dotted-line paths 210, 212, 214, and 216, respectively. These relationships may be, for example, contractual relationships between the publisher 104 and the second-party entities 200 and three or more third-party entities 204, 206, and 208 to provide services to the end-user 120 and/or publisher 104, where the publisher 104 includes software code within the blocks 132 of the website 130, hosted by the publisher 104, that will redirect requests to the publisher 104 from the end-user 120 utilizing the computing device 102 via the webpage 134.
  • relationship dotted-line paths 210, 212, 214, and 216 are shown solely for the purposes of establishing that the publisher 104 has some type of relationship with the second-party entity of the second-party entities 200 and the three or more third-party entities 204, 206, and 208 but are generally not signal paths that establish direct communication between the publisher 104 and the second-party entities 200 and the three or more third-party entities 204, 206, and 208.
  • the computing device 102 will not communicate with the second-party entity of the second-party entities 200 and the three or more third-party entities 204, 206, and 208 via the publisher 104.
  • the third-party entities 202 are shown divided into first-tier 218, second-tier 220, and third-tier 222 third-party entities 202.
  • the first-tier 218 includes the three or more third-party entities 204, 206, and 208.
  • the second-tier 220 includes another three or more third-party entities 224, 226, and 228.
  • the third-tier 222 is shown including at least one third-party entity 230. Similar to the situation described earlier with relation to the publisher 104, each third-party entity 204, 206, 208, 224, 226, 228, and 230 may include one or more relationships to other third-party entities.
  • the third-party entity 204 (of the first-tier 218) is shown having at least three relationships (shown as dotted-line paths 232, 234, and 236) with the third-party entities 224, 226, and 228, respectively. Again, these relationships are similar to the relationships described in relation to the relationship dotted-line paths 210, 212, 214, and 216 shown for the publisher 104.
  • the end-user 120 utilizes the webpage 134 in the browser 122 (that is running on the computing device 102) to access the website 130 running on the publisher 104.
  • the end-user 120 may provide the publisher 104 with an end-user data 238 that is sent from the browser 122, running on the computing device 102, to the publisher 104 via signal path 129.
  • the signal path 129 is one of a plurality of signal paths 240 that are in signal communication with the computing device 102.
  • the other signal paths 242, 244, 246, 248, 250, 252, 254, and 256 are signal paths from the computing device 102 to the second-party entities 200, third-party entities 204, 206, and 208 of the first-tier 218, third-party entities 224, 226, and 228 of the second-tier 220, and the third-party entity 230 of the third-tier 222.
  • part of the end-user data 238 will be transmitted from the computing device 102 to the publisher 104 via signal path 129 and other parts of the end-user data 238 will be transmitted from the computing device 102 to the second-party entities 200 and third-party entities 202 via signal paths 242, 244, 246, 248, 250, 252, 254, and 256.
  • the signal paths 242, 244, 246, 248, 250, 252, 254, and 256 are the result of the publisher 104 including software code in some of the blocks 132 of the website 130 that are passed to some of the blocks 136 of the webpage 134 shown on the browser 122 of the computing device 102.
  • This software code, when run on the webpage 134, directs the browser 122 of the computing device 102 to establish a connection to an Internet address of the corresponding second-party entities 200 or third-party entities 202 to which the publisher 104 has a relationship.
  • the software code may be a hyperlink that when activated by the end-user 120 may direct the browser 122 to a server that is external to the publisher 104 and will communicate directly with computing device 102.
  • the publisher 104 utilizes this type of software code to send some or all of the end-user data 238 to the second-party entities 200 and/or the third-party entities 202 to delegate part of the content and/or functionality of the website 130 run and/or managed by the publisher 104.
  • the second-party entities 200 are commonly obligated to share the end-user data 238 with the publisher 104 (i.e., the first-party) and are controlled and configurable according to the preferences of the publisher 104.
  • the publisher 104 may be content delivery network and a second-party entity of the second-party entities 200 may be an analytics service.
  • the third-party entities 202 are generally independent entities that the publisher 104 only has circumstantial knowledge and control over their operations.
  • the publisher 104 may be a cross-site social website and/or service and the third-party entities 202 may be advertising services.
  • when the third-party entities 202 receive part of or all of the end-user data 238 or simply the browser 122 is redirected to one of the third-party entities 202, that end-user data 238 may be shared or sent and/or the browser 122 may be redirected to other third-party entities 202 not known to, or controllable by, the publisher 104 (e.g., the third-party entities 202 of the second-tier 220, third-tier 222, or more).
  • the first third-party entity 204 may then share or send that end-user data 238 or again redirect the browser 122 to the second-tier 220 of third-party entities 202.
  • a first third-party entity 224 of the second-tier 220 may receive the part of or all of the end-user data 238 or browser 122 redirect from the first third-party entity 204 and further share that part of or all of the end-user data 238 or redirect the browser 122 with a plurality of third-tier 222 of third-party entities 202 (i.e., third-party entity 230), and so on.
  • the software code activated by the browser 122 establishes direct signal communication (via signal paths 250, 252, 254, and 256) with the second-tier 220 and third-tier 222 third-party entities 202.
  • these signal paths 250, 252, 254, and 256 are invisible and unknown to both the end-user 120 and the publisher 104 where the publisher 104 is generally only aware of the first-tier 218 third-party entities 202 and the end-user 120 is only aware of the publisher 104 and generally believes that their end-user data 238 is being utilized exclusively by the publisher 104.
  • When the browser executes the HTML, JS, and CSS code, it has the ability to “understand” where each of the parts of the code originate from and where the network calls originate from.
  • By properly instrumenting the browser or using APIs provided by developers of browser software (such as Google’s Chrome, for example), one has the ability to take a snapshot of all requests and their inter-dependencies. Using this approach, a request map or tracking map may be generated that shows the requests and their inter-dependencies.
  • In FIG. 3, a block diagram of an example of a request map 300 is shown for the US government website www.uspto.gov.
  • the target site www.uspto.gov
  • the target site makes calls to various subdomains of Google (www.google-analytics.com and www.googletagmanager.com) and gateway.foresee.com. From this request map 300 it seems that the bulk of the content on www.uspto.gov comes from the site itself based on the size of the blob, which generally is proportional to the percentage of total bytes utilized.
  • This example is for illustration purposes and shows a simple government website where there are a few redirects to www.google-analytics.com, www.googletagmanager.com, and gateway.foresee.com.
  • third-party entities are everywhere because the third-party entities are incorporated in these types of websites for analytics, advertising, tracking, attribution, etc.
  • a content server for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network comprises one or more processing units and a computer-readable media storing instructions.
  • When the instructions are executed by the one or more processing units, the instructions cause the content server to perform operations comprising: receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; requesting the information content from the first network site with the content server; receiving, from the first network site, the information content within a first data; detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; storing the link for the external information and the inter-dependencies corresponding to the link; receiving the external information from the third-party entity; modifying the information content with the external information to produce a modified information content; transmitting the modified information content to the computing device
  • FIG. 1 is a system block diagram of an example of a known e-commerce communication system between a computing device and a plurality of Internet publishers over a public network such as the Internet.
  • FIG. 2 is a system block diagram of an example of the known e-commerce communication system shown and discussed in relation to FIG. 1 with second-party entities and third-party entities.
  • FIG. 3 is a block diagram of an example of a request map for the US government website www.uspto.gov.
  • FIG. 4 is a system block diagram of an example of a communication system between a computing device and a publisher over a public network such as, for example, the Internet in accordance with the present disclosure.
  • FIG. 5 is a system block diagram of an example of the communication system between the computing device, publisher, and multiple tiers of the third-party entities in accordance with the present disclosure.
  • FIG. 6 is a system diagram illustrating an example of another implementation of the communication system where the content server manages data in accordance with the present disclosure.
  • FIG. 7 is a system diagram of an example of an implementation of components of a device, such as a device of the one or more devices, configured to receive requests from the computing device, send requests for data from the publisher and third-party entities, receiving data from the publisher and third-party entities, and sending the data to the computing device, respectively.
  • FIG. 8 is a system diagram of an example of an implementation of the display of the computing device in accordance with the present disclosure.
  • FIG. 9 is a system block diagram of an example of another implementation of a content server in accordance with the present disclosure.
  • FIG. 10 is a flowchart of an example of an implementation of a method for a content server in accordance with the present disclosure.
  • the content server for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network.
  • the content server comprises one or more processing units and a computer-readable media storing instructions.
  • When the instructions are executed by the one or more processing units, the instructions cause the content server to perform operations comprising: receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; requesting the information content from the first network site with the content server; receiving, from the first network site, the information content within a first data; detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; storing the link for the external information and the inter-dependencies corresponding to the link; receiving the external information from the third-party entity; modifying the information content with the external information to produce a modified information content; transmitting the modified information content to the computing device; and generating a request map that includes the stored link and corresponding inter-dependencies.
  • the present application describes a content server for providing a request map for a target website accessed by a computing device of an end-user over a public network.
  • the content server is located between the computing device and the target website on the public network in a completely transparent manner that preserves the integrity of all transactions between a browser on the computing device and the target website and all other servers linked to the target website. Since the content server is accessing the target website as a proxy for the computing device, the content server provides a complete visibility and an absolute control of all transactions between the computing device and the target website and all second-party and third-party entities linked to the target website that are involved in content generation and delivery to the browser of the computing device.
  • the one or more public network websites may generally be referred to as Internet publishers (or simply “publishers”).
  • a comprehensive rewriting mechanism converts all third-party entity requests to point to a domain under the control of the content server, such that the content server receives and processes all browser interactions.
  • a part of the content server inserts special directives (i.e., code), to be executed inside the browser utilized by the end-user of the computing device, that provides an additional ability for the content server to determine “hidden” dependencies between different requests.
  • these website applications include content (such as, for example, end-user desired content, financial information, advertisement, health related information, music, videos, etc.), images, trackers, customer relationship management (“CRM”) services and business intelligence applications.
  • CRM customer relationship management
  • these websites often include content, such as images and inline frames (i.e., HTML documents embedded inside another HTML document of a website known as “iframes”), located on servers controlled by second-party entities and/or third-party entities.
  • iframes inline frames
  • a browser loading an HTML webpage will contact these additional servers directly to satisfy external content dependencies within the webpage.
  • some of these Web apps are run by servers controlled and managed by the corresponding business hosting the website (i.e., a first-party entity generally referred to as a publisher) and some of the other Web apps are run off-site by second-party entities and/or third-party entities that control and manage these Web apps instead of the publisher hosting the website.
  • Web apps that are run off-site from the originally accessed website of the publisher introduce visibility and unification concerns because they include context related to the browsing history of an end-user and they lack transparency since an address bar of a browser only displays the address of the website visited directly by the end-user.
  • Some of these Web apps are plugins that are provided by services and are embedded by developers in the form of iframes in the websites that end-users might visit, for instance, to read the news or shop.
  • the end-user activates an iframe with the browser, the end-user is directed to a new website controlled and managed by a third-party entity that is not controlled by the publisher (i.e., the first-party entity that is the original business that controls and manages the original website that the end-user accessed).
  • publisher and/or first-party entity refers to primary services such as a business that runs and manages at least one website and/or Web app that end-users want to reach and utilize.
  • Second-party entities are first-party approved and agented parties (i.e., entities) that operate under the authority and act as an agent on behalf of the publisher.
  • entities that operate and manage websites generally delegate part of the content and/or functionality of the website to a second-party entity operating under a subdomain of the website managed and controlled by the publisher.
  • Examples of known second-party entities include content delivery networks and same-site analytics services.
  • Such second-party entities are commonly obligated under contract to share data with the publisher and are controlled and configurable according to the preferences of the publisher.
  • third-party entities deliver services through their own distinct domains and have symbiotic relationships to websites of the publisher. As such, publishers only have circumstantial knowledge and control over the operations of the third-party entities. Examples of known third-party entities include cross-site social or advertising services.
  • the inter-dependencies of the third-party entities refers to discovering the invocations (i.e., requests for access to information) by one third-party entity of other third-party entities that may in turn invoke other third-party entities.
  • Examples of inter-dependencies include discovering tags from tag management systems (“tag managers”) that are utilized to insert tags (which are third-party code) into a website.
  • the tags are generally update measurement codes and related code fragments that are utilized on websites and mobile applications. They are also generally known as, for example, tracking pixels, web beacons, web bug, tracking bug, web tag, page tag, pixel tag, or clear GIF.
  • the tags are techniques utilized on websites (web pages), mobile applications, web applications, and email to unobtrusively allow checking that the end user has accessed some content.
  • tags are typically used by the third-party entities to monitor the activity of users at a website for the purpose of web analytics or page tagging. They can also be used for email tracking. When implemented using JavaScript, they may be known as JavaScript tags. Using such tags, companies and organizations can track the online behavior of web users. At first, the companies doing such tracking were mainly advertisers or web analytics companies; later social media sites also started to use such tracking techniques, for instance through the use of buttons which act as tracking beacons.
  • the inter-dependencies described in the present disclosure is the process of uncovering these tags and any other casual relationships that are often not evident to a website owner (i.e., a publisher) or to an end-user, i.e., the user of the computing device desiring to interact with the publisher.
  • FIG. 4 a system block diagram of an example of a communication system 400 between a computing device 402 and a publisher 404 over a public network such as, for example, the Internet 406 is shown in accordance with the present disclosure.
  • the communication system 400 includes the computing device 402, publisher 404 and a content server 408.
  • In this example, for simplicity of illustration, only a single publisher 404 is shown; however, it is appreciated by those of ordinary skill that the communication system 400 includes a plurality of publishers 405.
  • the computing device 402 may be, for example, a personal computer 410 (including a desktop, tower, or other similar devices), portable computer 412 (including a laptop, notebook, or tablet computer, or other similar devices), mobile device 414 (including a tablet, smartphone, or other similar devices), server 416, or other type of computing device capable of connecting to the publisher 404 over the Internet 406 such as video gaming consoles, or other smart devices.
  • the computing device 402 is operated by an end-user 418 via a browser 420 running on the display screen 422 of a video display 424 of the computing device 402.
  • the plurality of Internet publishers 405 are each first-party entities that contain information that the end-user 418 desires access to.
  • the end-user 418 enters an Internet address of the publisher 404 (of the plurality of Internet publishers 405) into an address line 426 of the browser 420.
  • the publisher 404 runs a website 428 (or web application or enterprise portal) that has an Internet protocol (“IP”) address that if entered in the browser 420 would normally direct the computing device 402 to the publisher 404 via a signal path 430 if the content server 408 were not present.
  • the website 428 includes blocks 432 of data and/or content, some of which the end-user 418 desires to access. Without the content server 408 present, once the browser 420 connects to the website 428 of the publisher 404, the browser 420 displays the website 428 within a webpage 434 produced by the browser 420.
  • the webpage 434 will display blocks 436 of data and/or content that may be the same or related to the blocks 432 on the website 428.
  • some of the blocks 432 on the website 428 may be produced by the publisher 404 and some of the other blocks 432 may be produced by second-party entities 438 and/or third-party entities 440 (i.e., entities that are not the publisher 104).
  • some of the blocks 436 on the webpage 434 may be produced by the publisher 404 and some of the other blocks 436 may be produced by second-party entities 438 and/or third-party entities 440.
  • blocks 436 of the webpage 434 may be different than the blocks 432 of the website 428 because blocks 436 of the webpage 434 may be personalized to the computing device 402 and/or end-user 418.
  • Examples of the plurality of publishers 405 may include financial institutions (i.e., banks, investment firms, etc.), health providers, on-line retailers, news agencies, search engines, cloud computing services, on-line games, media content providers, etc.
  • the publisher 404 is also shown to have relationships with, for example, the second-party entities 438 and the third-party entities 440.
  • the relationships between the publisher 404 and the second-party entities 438 and the third-party entities 440 are shown as dotted-line paths 442, 444, 446, and 448, respectively.
  • These relationships may be, for example, contractual relationships between the publisher 404 and the second-party entities 438 and the third-party entities 440 to provide services to the end-user 418 and/or publisher 404, where the publisher 404 includes software code within the blocks 432 of the website 428, hosted by the publisher 404, that will redirect requests to the publisher 404 from the end-user 418 utilizing the computing device 402 via the browser 420.
  • the relationship dotted-line paths 442, 444, 446, and 448 are shown solely for the purposes of establishing that the publisher 404 has some type of relationship with the second-party entities 438 and the third-party entities 440 but are generally not signal paths that establish direct communication between the publisher 404 and the second-party entities 438 and the third-party entities 440. Specifically, the computing device 402 will not communicate with the second-party entities 438 and the third-party entities 440 via the publisher 404. It is also noted that the third-party entities 440 may include a plurality of third-party entities that may be divided into multiple tiers of third-party entities that may be “chained” together into different combinations.
  • each third-party entity of the third-party entities 440 may include one or more relationships to other third-party entities. Generally, there is no limit to the number and combinations of relationships that may exist between the third-party entities 440.
  • circuits, components, modules, and/or devices of, or associated with, the content server 408 are described as being in signal communication with each other, where signal communication refers to any type of communication and/or connection between the circuits, components, modules, and/or devices that allows a circuit, component, module, and/or device to pass and/or receive signals and/or information from another circuit, component, module, and/or device.
  • the communication and/or connection may be along any signal path between the circuits, components, modules, and/or devices that allows signals and/or information to pass from one circuit, component, module, and/or device to another and includes wireless or wired signal paths.
  • the signal paths may be physical, such as, for example, conductive wires, electromagnetic wave guides, cables, attached and/or electromagnetic or mechanically coupled terminals, semi-conductive or dielectric materials or devices, or other similar physical connections or couplings. Additionally, signal paths may be non-physical such as free-space (in the case of electromagnetic propagation) or information paths through digital components where communication information is passed from one circuit, component, module, and/or device to another in varying digital formats without passing through a direct electromagnetic connection.
  • the end-user 418 utilizes the webpage 434 in the browser 420 (that is running on the computing device 402) to access the website 428 (or web application or enterprise portal) running on the publisher 404.
  • the content server 408 is present in the communication system 400, the signal path 430 directly from the computing device 402 to the publisher 404 does not exist because all communications between the computing device 402 and the publisher 404 will be controlled and managed by the content server 408 via signal paths 450 and 452.
  • the content server 408 is a proxy server that acts as an intermediary for requests from clients (i.e., the computing device 402) seeking resources from other servers (i.e., the publisher 404).
  • the content server 408 is a “unity hub” that intercepts the request from the browser 420 and acts on behalf of the publisher 404 in a manner that may be transparent to the computing device 402, browser 420, and end-user 418.
  • the content server 408 may intercept the requests from the browser 420 by utilizing various interception mechanisms.
  • the content server 408 may utilize domain name system (“DNS”) delegation where the publisher 404 delegates DNS resolution to the content server 408.
  • content server 408 may be deployed in a physical or virtual datacenter of the customer (i.e., publisher 404) as a front-end proxy.
  • the content server 408 acts in the place of an existing origin in a content delivery network (“CDN”) configuration when the publisher 404 utilizes a CDN for delivery of an end-user data 460 from the computing device 402.
  • the content server 408 is a proxy server or a proxy-like module that intermediates all or selected interactions between parties (i.e., the end-users such as end-user 418 and the publisher 404).
  • the content server 408 receives requests for content from end-users (i.e., end-user 418) and relays the requests to second-party entities 438, third-party entities 440, or both.
  • the content server 408 provides the publisher 404 with flexibility when deployed against websites and Web apps because the content server 408 may operate in a monitoring mode, active out-of-band mode, and active protection mode.
  • the content server 408 remotely monitors the third-party entities 440 and their corresponding Web apps, providing regular reports on each third-party entity of the plurality of third-party entities 440.
  • the content server 408 can remotely retrieve a third-party Web app (from the third-party entity of the third-party entities 440) from the website 428 or Web app (of the publisher 404) directly by inspecting the “tags” embedded in the website 428 itself.
  • the content server 408 may be a software and/or hardware module that may be optionally integrated with a Tag Manager of the website and/or Web app of the publisher 404 so as to provide a more comprehensive list of integrated functions from the third-party entities 440.
  • the content server 408 may produce a report that includes third-party entity security posture and/or reputation, third-party entity geo-location, and additional third-party entity redirects. From this report, administrators of the publisher 404 are better equipped to make decisions on whether to remove or replace individual third-party entity website and/or Web apps. In the active out-of-band mode, the content server 408 is deployed in the same way as in the monitoring mode but is integrated with the Tag Manager of the website 428 and/or Web app of the publisher 404.
  • the content server 408 monitors the third-party entities 440 and if a third-party entity violates the policies of the content server 408 (policies that may be dictated by the publisher 404), the content server 408 can then dynamically remove the third-party entity from the website 428 and/or Web app of the publisher 404 to ensure that the customer data of the end-user 418 is protected and that threats are not introduced by the third-party entity.
  • the content server 408 is deployed in-line between the customers (i.e., the end-user 418 utilizing the computing device 402) and the website 428 and/or Web app of the publisher 404.
  • the content server 408 is a high-speed proxy that scales with customer traffic, and can actively protect from threats, and ensure that customer data of the end-users (including end-user 418) is protected at all times.
  • each interaction is seamlessly redirected from the end-user 418 to the content server 408.
  • the request is forwarded on to the intended destination (i.e., the publisher 404), with all of the interaction between the publisher 404 and the third-party entities 440 controlled by the content server 408.
  • if threat intelligence is added to the content server 408, the threat intelligence provides the content server 408 with the ability to eliminate threat sources from the third-party entities 440 immediately.
  • any third-party entity requests to harvest data from the end-user 418 and/or computing device 402 the request may be met by the content server 408 with an anonymization policy.
  • the content server 408 may be configured with additional policies that may be implemented to ensure that the end-user 418 only receives the information they care about, with no concern about threats, or privacy violations.
  • the implementation shown in FIG. 3 is of the content server 408 in the active protection mode.
  • the content server 408 transforms cookies (i.e., pieces of data sent from the second-party entities 438 and/or third-party entities 440) and selectively stores them in a specialized storage within the content server 408.
  • the content server 408 transforms the cookies utilizing a transaction traversal technology that includes a JavaScript library 390 for processing content inside the end-user execution environment (i.e., the browser 420 on the computing device 402).
  • the content server 408 is capable of intercepting and re-interpreting corresponding functional calls inside an end-user JavaScript processing engine located within (or in association with) the browser 420.
  • upon receiving any content from the publisher 404 or computing device 402, the content server 408 ensures that such content is modified in order to enforce that all subsequent transactions will be handled by the content server 408 (on behalf of the publisher 404), and that the JavaScript library 390 (located on the computing device 402) is properly referenced and has access to all critical stages of generating requests to any third-party entities 440.
  • a specially designed cookie-handling mechanism ensures that first-party (i.e., the publisher 404) cookies do not exceed the limits imposed by Internet standards on the size of a cookie belonging to a single domain.
  • the content server 408 is able to control (unify) all transactions and collect all information about these transactions in the form of transaction logs in a unified manner (namely, in the same standard format no matter which third-party application was involved in such transaction).
  • the data unification is made possible; such data unification consists of unified transaction log collection and unified processing of these data logs (without our system, such unified processing was next to impossible because of the difficulty in obtaining all third-party logs, the potential incompleteness of such logs, and the processing of different formats of such logs).
  • the computing device 402 is in signal communication with the Internet 406 via signal path 454, the publisher 404 is in signal communication with the Internet 406 via signal path 456, and the content server 408 is in signal communication with the Internet 406 via signal path 458.
  • the signal path 450 between the computing device 402 and content server 408 includes the Internet 406 and the signal paths 454 and 458 and the signal path 452 between the publisher 404 and content server 408 includes the Internet 406 and the signal paths 452 and 458.
  • the end-user 418 utilizes the webpage 434 to provide the publisher 404 with the end-user data 460 that is sent from the browser 420, running on the computing device 402, to the publisher 404 via the content server 408 and signal paths 450 and 452 instead of the direct signal path 430 from the computing device 402 to the publisher 404.
  • the content server 408 be established as uniform resource locator (“URL”) redirect of the Internet address of the website 428 of the publisher 404.
  • the browser 420 is directed to the Internet address of the content server 408 instead of the publisher 404.
  • the content server 408 receives the end-user data 460 instead of the publisher 404.
  • the content server 408 is in the active protection mode and acts as active protection system for the end-user 418 at the computing device 402, publisher 404, or both because the content server 408 will connect directly to second-party entities 438, third-party entities 440, or both instead of the computing device 402 or publisher 404.
  • the content server 408 may be in signal communication with the second-party entities 438 via a signal path 462 that is a combined signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 464 from the Internet 406 to the second-party entities 438.
  • the content server 408 may be in signal communication with a first third-party entity 466 via a signal path 468 that is a combination signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 470 from the Internet 406 to the first third-party entity 466.
  • the content server 408 may also be in signal communication with a second third-party entity 472 via a signal path 474 that is a combination signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 476 from the Internet 406 to the second third-party entity 472. Furthermore, the content server 408 may also be in signal communication with a third third-party entity 478 via a signal path 480 that is a combination signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 482 from the Internet 406 to the third third-party entity 478.
  • the browser 420 on the computing device 402 connects to the content server 408 and requests some service, such as a file, connection, media, website 428 hosted by the publisher 404, or other resource from the publisher 404, and the content server 408 in the active protection mode then evaluates the request and connects to the publisher 404 to retrieve the requested information for the browser 420. In this manner, the content server 408 actively protects from threats and ensures that the end-user data 460 of the end-user 418 is protected at all times.
  • the request is forwarded on to the publisher 404, with all of the interaction between the publisher 404 and the third-party entities 440 controlled by the content server 408.
  • the third-party entities 440 may include a plurality of third-party entities divided up into multiple tiers of third-party entities that may be chained together into different combinations. Similar to the publisher 404, each third-party entity of the third-party entities 440 may include one or more relationships to other third-party entities where there is no limit to the number and combinations of relationships that may exist between the third-party entities 440.
  • the content server 408 is configured to detect and potentially stop and/or modify the end-user data 460 for any subsequent redirects from a first third-party entity to another third-party entity of the plurality of third-party entities 440.
  • FIG. 5 a system block diagram of an example of the communication system 400 between the computing device 402, publisher 404, and multiple tiers of the third-party entities 440 is shown in accordance with the present disclosure.
  • the Internet 406 is not shown for ease of illustration but it is appreciated by those of ordinary skill in the art that Internet 406 is present between the signal paths of the computing device 402, content server 408, publisher 404, second-party entities 438, and third-party entities 440 as shown in FIG. 4.
  • the combinational signal paths 450, 452, 462, 468, 474, and 480 are shown. Also shown in FIG.
  • the third-party entities 440 are shown to have multiple tiers that include, for example, a first-tier 500, second-tier 502, and third-tier 504 of third-party entities 440. It is appreciated that while only three tiers are shown there may be optionally an unlimited number of tiers of third-party entities 440 arranged in varying combinations.
  • the first-tier 500 is shown to include the first third-party entity 466, second third-party entity 472, and the third-party entity 478; however, it is appreciated that the first-tier 500 may include any number of third-party entities of the plurality of third-party entities 440.
  • the second-tier 502 is shown as having a first third-party entity 506, second third-party entity 508, and third third-party entity 510. Again only three third-party entities 506, 508, and 510 are shown for ease of illustration.
  • the third-tier 504 is shown with only a single third-party entity 512 but it is again appreciated that the third-tier 504 may include any number of third-party entities from the plurality of third-party entities 440.
  • the first third-party entity 466 of the first-tier 500 has relationships with the first third-party entity 506, second third-party entity 508, and third third-party entity 510 of the second-tier 502 via dotted-line paths 514, 516, and 518, respectively.
  • the first third-party entity 506 has a relationship with the third-party entity 512 via dotted-line path 520.
  • the content server 408 is in signal communication with the first third-party entity 506, second third-party entity 508, and third third-party entity 510 of the second-tier 502 and third-party entity 512 of the third-tier 504 via signal paths 522, 524, 526, and 528, respectively.
  • FIG. 6 a system diagram is shown illustrating an example of another implementation of the communication system 400 where the content server 408 manages data in accordance with the present disclosure.
  • the communication system 400 includes the content server 408 (which is a proxy server) having one or more servers that act as an intermediary between the end-user 418, the publisher 404, and the plurality of third-party entities 440.
  • the content server 408, publisher 404, second-party entities 438, third-party entities 440, and computing device 402 are in signal communication with one or more telecommunication networks 600 via signal paths 454, 456, 464, 470, 476, and 482, respectively.
  • the one or more telecommunication networks 600 may include, for example, public networks such as the Internet (as was described previously as Internet 406), private networks such as an institutional and/or personal intranet, or some combination of private and public networks.
  • the one or more telecommunication networks 600 may also include any type of wired and/or wireless network, including but not limited to local area networks (“LANs”), wide area networks (“WANs”), satellite networks, cable networks, Wi-Fi networks, WiMax networks, mobile communications networks (e.g., 3G, 4G, and so forth) or any combination thereof.
  • the one or more telecommunication networks 110 may utilize communications protocols, including packet-based and/or datagram-based protocols such as IP, transmission control protocol (“TCP”), user datagram protocol (“UDP”), or other types of protocols.
  • the one or more telecommunication networks 600 may also include a number of devices that facilitate network communications and/or form a hardware basis for the networks, such as switches, routers, gateways, access points, firewalls, base stations, repeaters, backbone devices, and the like.
  • the one or more telecommunication networks 600 may further include devices that enable connection to a wireless network, such as a wireless access point (“WAP”).
  • Examples support connectivity through WAPs that send and receive data over various electromagnetic frequencies (e.g., radio frequencies), including WAPs that support Institute of Electrical and Electronics Engineers (“IEEE”) 902.11 standards (e.g., 902.11g, 902.11h, and so forth), and other standards.
  • the content server 408 is shown in signal communication with both the publishers 404 and the computing device 402 via signal paths 452 and 450, respectively. Moreover, the content server 408 is also in signal communication with the plurality of third-party entities 440 via signal paths 468, 474, and 480.
  • the computing device 402 may be a personal computer 410, portable computer 412, server 416, mobile device 414 (such as a smart telephone, tablet, etc.), videogame console, etc.
  • the computing device 402 may include one or more computing devices that operate in a cluster or other grouped configuration to share resources, balance load, increase performance, provide fail-over support or redundancy, or for other purposes.
  • the computing device 402 may belong to a variety of classes of devices such as traditional server-type devices, desktop computer-type devices, and/or mobile-type devices.
  • the computing device 402 includes one or more input/output (“I/O”) interfaces 602 that enable communications with input/output devices such as user input devices 604 including peripheral input devices (e.g., a game controller, a keyboard, a mouse, a pen, a voice input device, a touch input device, a gestural input device, and the like) and/or output devices including peripheral output devices (e.g., a display 424, a printer, audio speakers, a haptic output device, and the like).
  • the computing device 402 may also include a combination of two or more devices, such as a mobile phone in combination with a wearable device.
  • the computing device 402 may represent any type of computing device having one or more processing units 606 (also known as one or more processors) in signal communication to a computer-readable media 608 via a bus 610, which in some instances may include one or more of a system bus, a data bus, an address bus, a PCI bus, a Mini-PCI bus, and any variety of local, peripheral, and/or independent buses.
  • Executable instructions stored on the computer-readable media 608 can include, for example, an operating system 612, a client communication module 614, a profile module 616, and other modules, programs, or applications that are loadable and executable by the one or more processing units 606.
  • the computing device 402 can also include the one or more interface(s) 602 to enable communications between the computing device 402 and other networked devices, such as the content server 408.
  • the network interface(s) 602 can include one or more network interface controllers (“NICs”) or other types of transceiver devices to send and receive communications and/or data over the one or more networks 600.
  • the computing device 402 also includes the JavaScript library 490.
  • the computing device 402 utilizes its client communication module 614 to connect with the content server 408 and/or other external device(s) through the one or more telecommunication networks 600.
  • the computing device 402 utilizes its profile module 616 to generate user profiles for communicating with other devices (such as content server 408) over the one or more telecommunication networks 600.
  • a user profile may include one or more of an identity of a user (e.g., a name, a unique identifier (“ID”), etc.), a user avatar, personal data (e.g., age, title, position, etc.), location data, status data (e.g., online, offline, available, busy, etc.) and so forth.
  • the content server 408 may be any device, network, or system that can communicate with and act as a proxy intermediary between the end-user 418, the publisher 404, second-party entities 438, and third-party entities 440 in accordance with one or more features of the present disclosure.
  • the content server 408 may be in the form of a cloud proxy or cloud network made up of one or more servers.
  • the end-user 418 is an individual but may also be an automated device or software component or module capable of interfacing with the computing device 402 to search the one or more telecommunication networks 600.
  • the computing device 402 may also include the browser 420, which is a software application (i.e., program) for browsing (i.e., searching and viewing information) the Internet, where the software application is stored on a memory unit within the computing device 402.
  • known browsers 420 include, for example, Google Chrome(R) produced by Google LLC. of Mountain View, California, Mozilla Firefox(R) produced by Mozilla Foundation of Mountain View, California, Safari(R) produced by Apple, Inc.
  • the computer-readable media 608 is a computer or machine-readable medium that is a medium capable of storing data in a format readable by a computer and/or mechanical device rather than human readable.
  • the browser 420 may display information to the end-user 418 on the display 424 of the computing device 402, which may be, for example, a screen 422 on a computer, television, or hand-held device.
  • the displayed information on the display 424 may contain the one or more blocks 436 of content, which may include a publisher block that visually displays Internet content created by the publisher 404, the second-party entities 438, and third-party entities 440.
  • the content server 408 acts as a proxy intermediary between the computing device 402 and the second-party entities and/or third-party entities 440 and applies multiple network and content optimization techniques to achieve reduced latency and improved efficiency while controlling any delivered and shared information with the end-user 418.
  • the content server 408 operates differently than conventional Internet interactions to help improve the end-user 418 experience.
  • the publisher 404 would communicate directly with the computing device 402 and the computing device 402 would resolve the domain name of the publisher 404 and connect directly to the website 428 of a web server of the publisher 404.
  • the publisher 404 would prepare the Internet content and directly push that content to the computing device 402 where the Internet content is rendered for delivery to the end-user 418, via the webpage 434 that is a browser window of the browser 420 or the like, to be displayed in a block 436 on the display 424 either within the browser window or a separate window displayed on the display 424.
  • the rendered content also contains Internet hyperlink references to at least one third-party entity of the plurality of third-party entities 440 that allows the at least one third-party to directly deliver scripts, documents, or advertisements to the computing device 402, where these scripts, documents, or advertisements are executed along with the Internet content provided by the publisher 404.
  • the content server 408 in the active protection mode does not allow the publisher 404, second-party entities 438, or third-party entities 440 to communicate directly with the computing device 402. Instead, the publisher 404, second-party entities 438, and third-party entities 440 communicate indirectly with the computing device 402 through the content server 408 that acts as a proxy intermediary.
  • the content server 408 includes one or more devices 618.
  • the one or more devices 618 and/or components of the content server 408 can include distributed computing resources that communicate with one another and/or with the computing device 402, the publisher 404, second-party entities 438, and the third-party entities 440 via the one or more telecommunication networks 600.
  • the one or more devices 618 may operate in a cluster or other grouped configuration to share resources, balance load, increase performance, provide fail-over support or redundancy, or for other purposes.
  • the one or more devices 618 of the content server 408 includes a first server module 620, second server module 622, third-server module 624, and a data storage 626.
  • the first server module 620 is configured to receive, from the end-user 418 (utilizing the computer device 402) a domain name resolution request for the publisher 404.
  • the end-user 418 will use a search engine link or type in a domain name with the user input device 604 for the publisher 404 rather than using an IP address.
  • the domain name is converted to the IP address via a procedure called domain name service (“DNS”) resolution or DNS lookup in conventional fashion.
  • the publisher 404 will have its IP address associated with the content server 408 such that when the computing device 402 attempts to contact the publisher 404, the computing device 402 will receive the IP address for the content server 408 instead of an IP address for the publisher 404.
  • the computing device 402 thus connects to the content server 408 and requests 628 a first data 630 from the publisher 404.
  • the first data 630 may be, for example, a webpage.
  • the first server module 620 receives the request 628 for the first data 630 and, in response, the content server 408 makes a request 632 for first data 630 from the publisher 404.
  • the publisher 404 receives the request 632 for the first data 630 and, in response, creates and sends the first data 630 to the second server module 622.
  • the content server 408 detects any redirects in the first data 630 from the publisher 404. If there are any redirects in the first data 630, the content server 408 modifies the redirects in the first data 630 to produce the second data 634 by, for example, rewriting the first data 630 to remove the redirects with one or more processing units 636 within the content server 408.
  • the third-server module 624 then requests 638 information data from a third-party entity (of the third-party entities 440) that the redirect was directed to.
  • the content server 408 may cleanse and anonymize the end-user data 460 prior to sending to the third-party entity.
  • the third-server module 624 then receives the information from the third-party entity and combines it with the second data 634 to produce a third data 640.
  • the content server 408 then transmits the third data 640 to the computing device 402.
  • the first server 620 may be configured to receive the request from the computing device 402, where the request includes a request for content for the publisher 404 and to request the information content from the publisher 404, where the request for the information content includes requesting the first data 630.
  • the second server 622 may be configured to receive, from the publisher 404, the first data 630, detect a link for external information, where detecting the link for external information within the information content includes detecting if the first data 630 has any references (including, for example but not limited to, redirects) to the third-party entity 440, and producing the second data 634 by rewriting the first data 630 to remove the references, where modifying the information content includes producing the second data 634.
  • rewriting the first data 630 to remove the references may include rewriting the first data 630 with a proxy domain content rewriting engine.
  • the content server 408 includes the second server 622 that is configured to: receive, from the publisher 404, the first data; detect the link for external information, where detecting the link for external information within the information content includes detecting if the first data has any references to the third-party entity 440; and produce the second data by rewriting the first data to modify the references, where modifying the information content includes producing the second data.
  • modifying the references also includes rewriting the references to the content server 408, wherein the content server 408 acts as a proxy server for the publisher 404.
  • the content server 408 does not remove the references (including redirects) but instead rewrites references to the third-party entity 440 such that the corresponding requests will be relayed and thus controlled by the content server 408 as a proxy server acting as a trusted agent of the site owner (i.e., the publisher 404).
  • the content server 408 preserves the legitimate interactions with the third-party entity 440, but the content server 408 is able to cleanse/sanitize these interactions to honor the end-user’s 418 and site-owner’s (i.e., the publisher’s 404) choices.
  • the third server 624 may be configured to request an external data from the third-party entity 440 that the reference was directed to.
  • the third server 624 may be further configured to modify the information content with the second data 634 and the external information to produce the modified information content (i.e., third data 640) and transmit the modified information content to the computing device 402.
  • the third server 624 may be further configured to cleanse a user data from the end-user 418 of the computing device 402 to produce a cleansed user data, where requesting the external data from the third-party entity 440 includes transmitting the cleansed user data to the third-party entity 440.
  • the third server 624 may instead transfer references to the third-party entity 440 to specially constructed references to the publisher 404 that contain the information referenced from the third-party entity 440.
  • the third server 624 may instead cleanse the request for external data from the third-party entity 440 to produce a cleansed user data.
  • cleansing the request includes removing sensitive and/or private data from an end-user 418 and requesting the external data from the third-party entity 440 includes transmitting the cleansed user data to the third-party entity 440.
  • the content server 408 is configured to cleanse sensitive and/or private data not from the computing device 402, but from the requests that will be relayed by the content server 408, as a proxy, to the third-party entity 440.
  • the content server 408 does not cleanse the end-user data 460 on the computing device 402, but by proxying the content server 408 is able to modify the interactions with any third-party entities 440 such that the third-party entities 440 do not carry any undesired information about the end-user 418.
  • the end-user 418 in the process of downloading the webpage 434 had requested data from the plurality of third-party entities 440; now with the content server 408, in the communication system 400, the end-user 418 instead sends all requests to the content server 408 (a proxy server acting on behalf of the publisher 404), the content server 408 relays these third-party entities 440 requests to the third-party entities 440 on behalf of the end-user 418, and retrieves the content (i.e., the requested data) back and transmits it to the end-user 418 in a rewritten form where the rewriting ensures that future interactions also are relayed through the content server 408 acting as a proxy for both the publisher 404 and the end-user 418 when interacting with the third-party entities 440.
  • the content server 408 is also configured to optionally exclude some “trusted” third-party entities 440 from rewriting if the trusted third-party entity 440 is trusted by the publisher 404 similar to a second-party entity 438 as described earlier.
  • the content server 408 may handle/proxy only a subset of the third-party entities 440 excluding the trusted third-party entities 440 per the desires of the publisher 404.
  • the content server 408 may utilize the flow of information to create a server-side browser-like environment.
  • the browser-like environment is used to execute the modified Internet content including excised and/or rewritten reference link blocks or scripts.
  • the blocks or scripts of the references are thus getting executed as if they were on the computing device 402, while in a simulated browser-like environment that mimics the browser 420 of the computing device 402 with improved fidelity.
  • the communication with the third-party entity and the rewriting of the data is achieved by a server-side browser (i.e., at the content server 408) shadowing environment and/or end user-side (i.e., at the computing device 402) instrumentation.
  • This approach may utilize Javascript and rewriting uniform resource locators (“URLs”) in Javascript in a corporate environment, where these functions may be implemented within a clientless or browser-based secure sockets layer (“SSL”) virtual private network (“VPN”) gateways providing secure remote access to internal resources.
  • URL rewriting allows a URL to be separated from a resource such that the URL and the resource that it leads to can be independent of each other.
  • URL rewriting allows the end-user 418 utilizing the computing device 402 to link to a URL of the publisher 404 that has been rewritten to direct the link to the original URL to a new URL at the content server 408 in a way that is transparent to the computing device 402 and end-user 418.
  • URL rewriting is a process of altering (often automatically by means of a software program) the parameters in a URL. It is a way of implementing URL mapping or routing within a Web app.
  • the Web app is a client-server computer program that the client (i.e., the computing device 402) runs in the browser 420.
  • a software program that automatically performs URL rewriting is generally known as a rewrite engine.
  • the one or more devices 618 of the content server 408 is shown also including a rewrite engine 642 module that is associated with a web browser application 644 on the content server 408, where the rewrite engine 642 may be a component of the web browser application 644 or a web application framework (also known as a web framework).
  • the web framework is a software framework that is designed to support the development of web applications that include, for example, web services, web resources (i.e., a resource located on the one or more telecommunication networks 600), and web application programming interfaces (“APIs”).
  • the one or more devices 618 of the content server 408 may also include the data storage 626 such as, for example, a memory unit to store any needed information related to the first data 630, second data 632, or third data 634.
  • In FIG. 7, a system diagram of an example of an implementation of components of a device 700, such as a device of the one or more devices 618, is shown configured to receive requests from the computing device 402, send requests for data from the publisher 404 and third-party entities 440, receiving data from the publisher 404 and third-party entities 440, and sending the data to the computing device 402, respectively.
  • the device 700 includes one or more processing unit(s) 702, computer-readable media 704, and/or communication interface(s) 706.
  • the components of the device 700 are in signal communication and operatively connected, for example, via a bus 708, which can include one or more of a system bus, a data bus, an address bus, a PCI bus, a Mini-PCI bus, and any variety of local, peripheral, and/or independent buses.
  • the processing unit(s) may represent, for example, a CPU-type processing unit, a GPU-type processing unit, a field-programmable gate array (“FPGA”), another class of digital signal processor (“DSP”), or other hardware logic components that may, in some instances, be driven by a CPU.
  • illustrative types of hardware logic components that may be utilized include Application-Specific Integrated Circuits (“ASICs”), Application-Specific Standard Products (“ASSPs”), System-on-a-Chip Systems (“SOCs”), Complex Programmable Logic Devices (“CPLDs”), etc.
  • a computer-readable media such as computer-readable media 704 and/or computer-readable media 608, may store instructions executable by the processing unit(s).
  • the computer-readable media may also store instructions executable by external processing units such as by an external CPU, an external GPU, and/or executable by an external accelerator, such as an FPGA type accelerator, a DSP type accelerator, or any other internal or external accelerator.
  • at least one CPU, GPU, and/or accelerator is incorporated in a computing device, while in some examples one or more of a CPU, GPU, and/or accelerator is external to a computing device.
  • Computer-readable media may include computer storage media and/or communication media.
  • Computer storage media may include one or more of volatile memory, nonvolatile memory, and/or other persistent and/or auxiliary computer storage media, removable and non-removable computer storage media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.
  • computer storage media includes tangible and/or physical forms of media included in a device and/or hardware component that is part of a device or external to a device, including but not limited to random-access memory (“RAM”), static random-access memory (“SRAM”), dynamic random-access memory (“DRAM”), phase change memory (“PCM”), read-only memory (“ROM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), flash memory, compact disc read-only memory (“CD-ROM”), digital versatile disks (“DVDs”), optical cards or other optical storage media, magnetic cassettes, magnetic tape, magnetic disk storage, magnetic cards or other magnetic storage devices or media, solid-state memory devices, storage arrays, network attached storage, storage area networks, hosted computer storage or any other storage memory, storage device, and/or storage medium that can be used to store and maintain information for access by a computing device.
  • communication media may embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave, or other transmission mechanism.
  • computer storage media does not include communication media. That is, computer storage media does not include communications media consisting solely of a modulated data signal, a carrier wave, or a propagated signal, per se.
  • Communication interface(s) 706 may represent, for example, network interface controllers (“NICs”) or other types of transceiver devices to send and receive communications over a network.
  • the computer-readable media 704 can include the data store 710.
  • the data store 710 includes data storage such as a database, data warehouse, or other type of structured or unstructured data storage.
  • the data store 710 includes a corpus and/or a relational database with one or more tables, indices, stored procedures, and so forth to enable data access including one or more of hypertext markup language (“HTML”) tables, resource description framework (“RDF”) tables, web ontology language (“OWL”) tables, and/or extensible markup language (“XML”) tables, for example.
  • the data store 710 can store data for the operations of processes, applications, components, and/or modules stored in computer-readable media 704 and/or executed by processing unit(s) 702 and/or accelerator(s). For instance, in some examples, the data store 710 can store session data 712 (between the computing device 402 and the publisher 404), profile data 714 for the computing device 402, profile data 716 for the publisher 404, profile data 718 for the third-party entities 440, requests, data 720 (such as, for example, first data 630, second data 634, and third data 640), and/or other data.
  • the computer-readable media 704 can also include operating system 724 and APIs 726 configured to expose the functionality and the data of the device 700 to external devices associated with content server 408.
  • the computer-readable media 704 includes one or more server modules 728 and one or more output modules 730.
  • the data store 710 may be part of the data storage 626 shown in FIG. 5.
  • FIG. 8 is a system diagram of an example of an implementation of the display 424 of the computing device 402 in accordance with the present disclosure.
  • the display 424 includes the display screen 422.
  • the computing device 424 may run a web browser 420 that displays a browser window that displays the webpage 434 on the display screen 422.
  • the browser 420 may display information to the end-user 418 on the display screen 422, which may be information that includes the one or more blocks 436 of content, which may include a publisher block 800 that visually displays Internet content created by the website 428 of the publisher 404 and one or more blocks 802, 804, and 806 that display publisher 404 related content, such as an advertisement, financial information (such as, for example, stock prices, equity fund information, pension fund information, banking information, etc.), mapping information and applications (such as, for example, geographic information systems (“GIS”) such as Mapquest, Google maps, Apple Maps, etc.), business information analytics, etc., or other information that may be of interest to the end-user 418, created by or delivered by one or more third-party entities of the plurality of third-party entities 440.
  • FIG. 9 is a system block diagram of an example of another implementation of a content server 900 in accordance with the present disclosure.
  • the content server 900 also includes one or more modules, such as a proxy domain content rewriting engine 902, a controller 904, a JavaScript execution engine 906, and a machine-learning module 908.
  • the JavaScript execution engine 906 performs some or all tasks of executing JavaScript rather than having them all performed by the computing device 402, thus reducing processing and content access time to improve the performance of the computing device 402 and corresponding experience of the end-user 418.
  • the JavaScript execution engine 906 may also simultaneously perform activities such as interactions with the third-party servers of the third-party entities 440.
  • the machine-learning module 908 may be used to reduce the risk of errors in content rewriting and to predict interactions with third-party entities 440 without the need to execute all scripts on the computing device 402. Additional similar modules could also be employed within the content server 900.
  • the content server 900 is a proxy server that acts as an intermediary for requests from clients (i.e., the computing device 402) seeking resources from other servers (i.e., the publisher 404). Specifically, the content server 900 intercepts the request from the browser 420 and acts on behalf of the publisher 404 in a manner that may be transparent to the computing device 402, browser 420, and end-user 418.
  • the proxy domain content rewriting engine 902 is a request/response processor and utilizes either the same domain as the original content or a special sub-domain for delivery of all advertising-related information.
  • the proxy domain content rewriting engine 902 is resolved to the content server 900 to ensure privacy and security controls.
  • the content server 900 may replace all the links to the third-party entities 440 to point to a proxy domain and create a unique cookie/supercookie (“UC”) for tracking purposes.
  • the content server 900 aliases the UC to all third-party trackers and the content server 900, where necessary, provides a JavaScript pass-through for third party domains but executes them on behalf of the third-party domains.
  • the content server 900 can use a JavaScript execution module (such as JavaScript execution engine 906) to minimize the repeated execution of the same/similar automatically or manually defined script fragments for the given publisher 404.
  • the controller 904 is a cloud-based policy enforcement engine that can control the exchanges of information between the computing device 402, the publisher 404, and the third-party entities 440.
  • Per the publisher 104 configuration and/or per the computing device 402 configuration, the controller 904 maintains and enforces tracking and data exchange policies.
  • the controller 904 manages publisher-defined allow/block preferences for third-party trackers of the third-party entities 440.
  • the controller 904 also manages end user-defined allow/block preferences for third-party trackers. For ease of the preference management of the end-user 418, the controller 904 provides for default profiles typically derived from the publisher 404 preferences.
  • the content server 900 implements various techniques for reducing latency and improving bandwidth utilization.
  • the content server 900 may implement compression technologies, transmission control protocol (“TCP”) optimization, caching, and the like.
  • In FIG. 10, a flowchart of an example of an implementation of a method 1000 performed by the content server 408 is shown in accordance with the present disclosure.
  • the method 1000 starts by receiving 1002, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network and requesting 1004 the information content from the first network site with the content server.
  • the method 1000 then receives 1006, from the first network site, the information content within a first data, detects 1008 a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities, and stores 1010 the link for the external information and the inter-dependencies corresponding to the link.
  • the method 1000 then receives 1012 the external information from the third-party entity, modifies 1014 the information content with the external information to produce a modified information content, transmits 1016 the modified information content to the computing device, and generates 1018 a request map that includes the stored link and corresponding inter-dependencies.
  • the method 1000 then ends.
  • the first network site may be a publisher.
  • receiving 1002 the request from the computing device may include receiving a domain name resolution request for the publisher and requesting 1004 the information content from the publisher may include requesting the first data.
  • detecting 1008 a link for external information may include detecting if the first data has any references to the third-party entity and modifying 1014 the information content may include producing a second data by rewriting the first data to remove the references. As described previously, the rewriting the first data to remove the references may include rewriting the first data with a proxy domain content rewriting engine.
  • the method 1000 may further include requesting the external data from the third-party entity that the reference was directed to and modifying 1014 the information content with the external information includes modifying the information content with the second data and external information to produce the modified information content.
  • the method 1000 may further include cleansing a user data from the computing device to produce a cleansed user data, where requesting the external data from the third-party entity includes transmitting the cleansed user data to the third-party entity.
  • the function or functions noted in the blocks may occur out of the order noted in the figures.
  • two blocks shown in succession may be executed substantially concurrently, or the blocks may sometimes be performed in the reverse order, depending upon the functionality involved.
  • other blocks may be added in addition to the illustrated blocks in a flowchart or block diagram.
  • the operations of the example processes are illustrated in individual blocks and summarized with reference to those blocks. The processes are illustrated as logical flows of blocks, each block of which can represent one or more operations that can be implemented in hardware, software, or a combination thereof.
  • the operations represent computer-executable instructions stored on one or more computer-readable media that, when executed by one or more processors, enable the one or more processors to perform the recited operations.
  • computer-executable instructions include routines, programs, objects, modules, components, data structures, and the like that perform particular functions or implement particular abstract data types.
  • the order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be executed in any order, combined in any order, subdivided into multiple sub-operations, and/or executed in parallel to implement the described processes.
  • the described processes can be performed by resources associated with one or more device(s) such as one or more internal or external CPUs or GPUs, and/or one or more pieces of hardware logic such as FPGAs, DSPs, or other types of accelerators.
  • Conditional language such as, among others, “can,” “could,” “might” or “may,” unless specifically stated otherwise, are understood within the context to present that certain examples include, while other examples do not include, certain features, elements and/or steps. Thus, such conditional language is not generally intended to imply that certain features, elements and/or steps are in any way required for one or more examples or that one or more examples necessarily include logic for deciding, with or without user input or prompting, whether certain features, elements and/or steps are included or are to be performed in any particular example. Conjunctive language such as the phrase “at least one of X, Y or Z,” unless specifically stated otherwise, is to be understood to present that an item, term, etc.

Abstract

Disclosed is a content server for mapping a plurality of third-party entities and inter-dependencies for information content accessed by a computing device over a public network. The content server comprises one or more processing units and a computer-readable media storing instructions. The content server performs operations comprising: receiving, as an intermediary, a request from the computing device for the information content from a first network site over the public network; requesting the information content from the first network site; receiving the information content within a first data; detecting a link for external information on a third-party entity; storing the link for the external information and the inter-dependencies; receiving the external information from the third-party entity; modifying the information content with the external information producing a modified information content; transmitting the modified information content to the computing device; and generating a request map that includes the stored link and corresponding inter-dependencies.
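The detect, store, modify and request-map operations listed in the abstract, together with the relay-style reference rewriting and the trusted-entity exclusion described earlier, are shown here in code. This is an added example, not code from the patent or its applicants; the `/_cs/relay?u=` endpoint, the class and function names, the `fetch` callable, and the `.example` hosts and documents are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urljoin, urlsplit

RELAY = "/_cs/relay?u="  # assumed relay endpoint served on the publisher's own domain
URL_ATTRS = {"src", "href", "action", "data"}


class ReferenceRewriter(HTMLParser):
    """Re-emit a document with third-party references pointed at the relay."""

    def __init__(self, base_url, publisher_host, trusted_hosts):
        super().__init__(convert_charrefs=False)  # keep entities exactly as written
        self.base_url, self.publisher_host = base_url, publisher_host
        self.trusted_hosts = set(trusted_hosts)
        self.out, self.links = [], []

    def _rewrite(self, tag, value):
        absolute = urljoin(self.base_url, value)
        parts = urlsplit(absolute)
        if (value.startswith("#") or parts.scheme not in ("http", "https")
                or parts.hostname in (None, self.publisher_host)):
            return value  # fragment, non-web scheme, or first-party reference
        trusted = parts.hostname in self.trusted_hosts
        self.links.append({"tag": tag, "url": absolute, "host": parts.hostname,
                           "action": "direct" if trusted else "proxied"})
        return absolute if trusted else RELAY + quote(absolute, safe="")

    def _emit(self, tag, attrs, tail=""):
        rendered = ""
        for name, value in attrs:
            if value is not None and name in URL_ATTRS:
                value = self._rewrite(tag, value)
            rendered += f" {name}" if value is None else f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{rendered}{tail}>")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def build_request_map(page_url, fetch, trusted_hosts=()):
    """Return (rewritten HTML by URL, request map: parent URL -> references)."""
    publisher_host = urlsplit(page_url).hostname
    rewritten, request_map = {}, {}
    queue, seen = [page_url], {page_url}
    while queue:
        url = queue.pop(0)
        body = fetch(url)  # HTML text, or None for non-HTML / unavailable content
        if body is None:
            continue
        rewriter = ReferenceRewriter(url, publisher_host, trusted_hosts)
        rewriter.feed(body)
        rewriter.close()
        rewritten[url], request_map[url] = "".join(rewriter.out), rewriter.links
        for link in rewriter.links:
            # Only relayed references pass through the proxy and can nest further.
            if link["action"] == "proxied" and link["url"] not in seen:
                seen.add(link["url"])
                queue.append(link["url"])
    return rewritten, request_map


def host_edges(request_map):
    """Collapse the map to (requesting host, requested host, action) edges."""
    return sorted({(urlsplit(parent).hostname, link["host"], link["action"])
                   for parent, links in request_map.items() for link in links})


SAMPLE_SITE = {  # constructed documents: the publisher page and one third party
    "https://news.example/": (
        '<!DOCTYPE html><html><head>'
        '<script src="https://cdn.trusted.example/lib.js"></script>'
        '<script src="/static/app.js"></script></head><body><p>Fish &amp; chips</p>'
        '<iframe src="https://ads.example/slot?id=7&amp;size=300x250"></iframe></body></html>'),
    "https://ads.example/slot?id=7&size=300x250": (
        '<html><body><img src="/creative.png">'
        '<img src="https://tracker.example/pixel.gif?c=1"></body></html>'),
}
```

Calling `build_request_map("https://news.example/", SAMPLE_SITE.get, {"cdn.trusted.example"})` leaves the trusted CDN script direct, relays the ad frame, and records that the frame in turn pulls in `tracker.example`, a dependency that never appears in the publisher's own markup.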

Description

CONTENT SERVER FOR MAPPING A PLURALITY OF THIRD-PARTY ENTITIES AND THEIR INTERDEPENDENCIES
CROSS-REFERENCE TO RELATED APPLICATION AND CLAIM OF PRIORITY
[0001] The present application claims priority under 35 U.S.C. § 119(e) to earlier filed U.S. provisional patent application No. 62/905,351, filed on September 24, 2019, and titled “Content Server For Mapping A Plurality of Third-party Entities and Their Inter-dependencies For Information Content Accessed By A Computing Device Over A Network,” which is hereby incorporated by reference in its entirety.
[0002] The present application also claims priority under 35 U.S.C. § 120 to related PCT application No. PCT/US 19/52791, filed the same day of September 24, 2019, and titled “Content Server For Providing Application Unification For Public Network Applications,” which is also hereby incorporated by reference in its entirety. Through related PCT application No. PCT/US 19/52793, the present application claims priority under 35 U.S.C. § 119(e) to earlier filed U.S. provisional patent application No. 62/735,617, filed on September 24, 2018, and titled “System and Method for Providing Application Unification For Web Sites and Internet Applications,” which is also hereby incorporated by reference in its entirety.
BACKGROUND
1. Field
[0003] The present disclosure is related to computing systems that communicate over a network, and more specifically, to computing systems that receive, modify, and transfer data over a network.
2. Related Art
[0004] At present, electronic commerce (“e-commerce”) has become a large portion of the world economy. As more businesses provide on-line access to a customer’s information and/or offer to sell products or services over the Internet to the customer, more customers correspondingly interact with these businesses over a public network such as, for example, the Internet. To interact with these businesses over the Internet, end-users (e.g., customers) utilize computing devices that have operating system software that runs one or more Internet browsers (generally referred to as “web browsers” or simply “browsers”) that connect to and interact with websites run and managed by businesses over the World Wide Web (generally referred to simply as “the Web”). These websites include website applications that display information on a webpage of the browser of the computing device that is connected to the website. The websites are text files that utilize hypertext markup language (“HTML”) or other similar markup language (for simplicity referred to herein as just “HTML”).
[0005] These website applications (generally referred to as “Web applications” or “Web apps”) include content (such as, for example, end-user desired content, financial information, advertisement, health related information, music, videos, etc.), images, trackers, customer relationship management (“CRM”) services and business intelligence applications. Typically, these websites often include content, such as images and inline frames (i.e., HTML documents embedded inside another HTML document of a website known as “iframes”), located on servers controlled by second-party and/or third-party entities. A browser loading an HTML webpage will contact these additional servers directly to satisfy external content dependencies within the webpage. As such, some of these Web apps are run by servers controlled and managed by the corresponding business hosting the website and some of the other Web apps are run off-site by second-party and/or third-party entities that control and manage these Web apps instead of the business hosting the website.
[0006] Unfortunately, the functionality offered by these Web apps (that are run off-site from the originally accessed website) introduces visibility and unification concerns that cannot be addressed by existing systems and procedures. Specifically, these types of functionality have multiple security and privacy implications because they include context related to the browsing history of an end-user and they lack transparency since an address bar of a browser only displays the address of the website visited directly. Moreover, “social plugins” enable websites to offer personalized content by leveraging the social graph, and allow their visitors to seamlessly share, comment, and interact with their social circles. These plugins are provided by services, such as, for example, Facebook Inc., of Menlo Park, CA, and are embedded by developers in the form of iframes in the websites that end-users might visit, for instance, to read the news or shop. Once an end-user activates an iframe, the end-user will be directed to a new website controlled and managed by a third-party entity that is not controlled by the first-party entity (i.e., the original business that controlled and managed the original website that the end-user accessed). As such, with this functionality comes the possibility of compromising the privacy of an end-user which may lead to liability (for example a lawsuit and/or a general data protection regulation (“GDPR”) violation in Europe) on the part of the first-party entity even though the privacy of the end-user was compromised by a third-party entity that is beyond the control of the first-party entity.
[0007] At present, more and more businesses that are hosting websites and Web apps are relying on both second-party and third-party entities to deliver key functions on their hosted websites and Web apps. These key functions may include the already discussed content, trackers, CRM services and business intelligence applications. As a result, these second-party and third-party entities have access to website visitors (i.e., the end-users) and the associated data and may, in turn, share that information with or redirect those website visitors to other third-party entities. Consequently, as public networks, such as the Internet, expand and improve, the general public of end-users, enterprise systems, employees and partners, interact (often unknowingly) with an expanding universe of first-parties, second-parties and third-parties.
[0008] In this application, the term first-party entity (or simply “first-party”) refers to primary services such as businesses that run and manage websites and Web apps that end-users want to reach and utilize. Second-party entities (or simply “second-party”) are first-party approved and agented parties (i.e., entities) that operate under the authority and act as an agent on behalf of the first-party. Generally, businesses that operate and manage websites delegate part of the content and/or functionality of the website to a second-party entity operating under a subdomain of the website managed and controlled by the first-party entity. Examples of known second-party entities include content delivery networks and same-site analytics services. Such second-party entities are commonly obligated under contract to share data with the first-party and are controlled and configurable according to the preferences of the first-party. Conversely, third-party entities deliver services through their own distinct domains and have symbiotic relationships to websites of the first-parties. As such, first-parties only have circumstantial knowledge and control over the operations of the third-party entities. Examples of known third-party entities include cross-site social or advertising services.
[0009] Moreover, in the case of an enterprise (i.e., a business), the utilization of third-party entities results in possible security, privacy, and data unification issues that include, for example, data exposure, malware distribution and insertion, information leakage, and regulatory non-compliance. Security and privacy issues arise as a result of the first-party entity not being able to control the third-party entity leading to an end-user and/or the first-party entity being susceptible to any privacy invading actions and/or security flaws at the third-party or malevolent acts performed by the third-party entity. Examples of privacy invading actions include obtaining personal information from the end-user and utilizing it for purposes that the end-user and/or first-party entity did not intend. This also includes loading programs on to the computing device of the end-user without the knowledge of the end-user and/or first-party entity. Moreover, malevolent acts include inserting malware on the computing device of the end-user without the knowledge and consent of the end-user. The security issues include use of the information of the end-user that violates codes of conduct or even laws of certain jurisdictions and potential security vulnerabilities at the third-party entity that may allow an external party to enter the server of the third-party entity and compromise the information of end-users that accessed, or were part of, the customer data of the first-party entity leading to potential fraudulent activity against some of those end-users and the resulting financial liability of the first-party entity that allowed the compromising of that customer data.
[0010] Furthermore, third-party entities may unilaterally change the way that they do business with a first-party entity, preventing the first-party entity from properly monetizing or using data from their own customers (i.e., the end-users). Unfortunately, in these situations, customer data (i.e., data from the end-user) are shared with a broad range of application providers (i.e., third-party entities) and the provider relationships (i.e., first-party entity to third-party entity relationships) are constantly changing. Still further, a compromised provider (i.e., third-party entity) may become a source of threats or breach for the first-party entity.
[0011] For a website of a publisher (i.e., enterprise), content is king in that the content of the website is what draws and engages end-users for all of the content of the publisher. Usually quality content equates to more end-users and more engagement for the website of the publisher. Generally, the publisher needs to monetize this content whether through subscription, advertising or other means. In the advertising ecosystem of e-commerce, the third-party entity tag and data nature of the advertising ecosystem is an attractive technology for monetizing this content because it allows fast integration and data sharing between multiple partners (i.e., the first-party entity and second-party and third-party entities); however, this advertising ecosystem may also become detrimental to the economic success of the publisher, when a third-party entity unilaterally decides to change what it is doing.
[0012] Moreover, it becomes more difficult for the first-party entity to control data and transaction reliability and the end-user experience when the first-party entity utilizes redirects over the Internet to redirect end-users to new content producing or data recording and/or processing third-party entity servers that allow totally independent third-party entities to control the user experience of the end-user and may damage the relationship between the end-users and publisher. The damage to the relationship may be the result of quality issues such as, for example, quality of service, latency delays, and security and privacy issues. As an example of problems with transaction reliability, when the hypertext transfer protocol (“HTTP”) cookies (also known as web cookies, Internet cookies, browser cookies, or simply as “cookies” - a small piece of data sent from a website and stored on the computing device of the end-user by the web browser while the end-user is browsing the Internet) or data of an end-user is passed between multiple third-party applications (that may be utilized for “synching” or maintaining session persistence), the cookies and data cannot be assumed to be 100% reliable and could result in “lost” or “corrupted” data and/or indefinite delayed communications between the end-user and third-party entities.
[0013] As an example illustrating the above discussed problems, in FIG. 1, a system block diagram is shown of an example of a known e-commerce communication system 100 between a computing device 102 and a plurality of Internet publishers 104, 106, and 108 over a public network 110 such as the Internet. The computing device 102 may be, for example, a personal computer 112 (including a desktop, tower, or other similar devices), portable computer 114 (including a laptop, notebook, or tablet computer, or other similar devices), mobile device 116 (including a tablet, smartphone, or other similar devices), server 118, or other type of computing device capable of connecting to the plurality of Internet publishers 104, 106, and 108 over the Internet 110 such as video gaming consoles, or other smart devices. In general, the computing device 102 is operated by an end-user 120 via a browser 122 running on the display screen 124 of a video display 126 of the computing device 102.
[0014] In this example, the plurality of Internet publishers 104, 106, and 108 are each first-party entities that contain information that the end-user 120 desires access to. In order to receive that information, the end-user 120 enters an Internet address of a publisher of the plurality of Internet publishers 104, 106, and 108 into an address line 128 of the browser 122. For example, that Internet address may direct the computing device 102 to a first publisher 104, via signal path 129, that runs a website 130. The website 130 will include blocks 132 of data and/or content, some of which the end-user 120 desires to access. Once the browser 122 connects to the website 130 of the publisher 104, the browser 122 will display the website 130 within a webpage 134 produced by the browser 122. In this example, the webpage 134 will display blocks 136 of data and/or content that may be the same or related to the blocks 132 on the website 130. In general, some of the blocks 132 on the website 130 may be produced by the publisher 104 and some of the other blocks 132 may be produced by second-party and/or third-party entities (i.e., entities that are not the publisher 104). Similarly, some of the blocks 136 on the webpage 134 may be produced by the publisher 104 and some of the other blocks 132 may be produced by second-party and/or third-party entities. In general, some of the blocks 136 of the webpage 134 may be different than the blocks 132 of the website 130 because blocks 136 of the webpage 134 may be personalized to the computing device 102 and/or end-user 120. Examples of the plurality of Internet publishers 104, 106, and 108 may include financial institutions (i.e., banks, investment firms, etc.), health providers, on-line retailers, news agencies, search engines, cloud computing services, on-line games, media content providers, etc.
[0015] Turning to FIG. 2, a system block diagram is shown of an example of the known e-commerce communication system 100 shown and discussed in relation to FIG. 1 with second-party entities 200 and third-party entities 202. In this example, the publisher 104 is again shown in signal communication with the computing device 102 via the signal path 129 (shown in FIG. 1) that runs through the Internet 110. The publisher 104 is also shown to have relationships with, for example, a specific second-party entity of the second-party entities 200 and three or more third-party entities 204, 206, and 208. The relationships between the publisher 104 and the second-party entity of the specific second-party entities 200 and the three or more third-party entities 204, 206, and 208 are shown as dotted-line paths 210, 212, 214, and 216, respectively. These relationships may be, for example, contractual relationships between the publisher 104 and the second-party entities 200 and three or more third-party entities 204, 206, and 208 to provide services to the end-user 120 and/or publisher 104, where the publisher 104 includes software code within the blocks 132 of the website 130, hosted by the publisher 104, that will redirect requests to the publisher 104 from the end-user 120 utilizing the computing device 102 via the webpage 134. It is noted that the relationship dotted-line paths 210, 212, 214, and 216 are shown solely for the purposes of establishing that the publisher 104 has some type of relationship with the second-party entity of the second-party entities 200 and the three or more third-party entities 204, 206, and 208 but are generally not signal paths that establish direct communication between the publisher 104 and the second-party entities 200 and the three or more third-party entities 204, 206, and 208. Specifically, the computing device 102 will not communicate with the second-party entity of the second-party entities 200 and the three or more third-party entities 204, 206, and 208 via the publisher 104.
[0016] In this example, the third-party entities 202 are shown divided into first-tier 218, second-tier 220, and third-tier 222 third-party entities 202. The first-tier 218 includes the three or more third-party entities 204, 206, and 208. Similarly, the second-tier 220 includes another three or more third-party entities 224, 226, and 228. For simplicity the third-tier 222 is shown including at least one third-party entity 230. Similar to the situation described earlier with relation to the publisher 104, each third-party entity 204, 206, 208, 224, 226, 228, and 230 may include one or more relationships to other third-party entities. Generally, there is no limit to the number and combination of relationships that may exist between the third-party entity 204, 206, 208, 224, 226, 228, and 230 and other third-party entities. As an example, the third-party entity 204 (of the first-tier 218) is shown having at least three relationships (shown as dotted-line paths 232, 234, and 236) with the third-party entities 224, 226, and 228, respectively. Again, these relationships are similar to the relationships described in relation to the relationship dotted-line paths 210, 212, 214, and 216 shown for the publisher 104. It is appreciated by those of ordinary skill in the art that the relationships may also be shown from any of the third-party entities 224, 226, and 228 of the second-tier 220 and the at least one third-party entity 230 or other third-party entities (not shown) of the third-tier 222 or of other number of tiers (not shown).
[0017] In an example of operation, the end-user 120 utilizes the webpage 134 in the browser 122 (that is running on the computing device 102) to access the website 130 running on the publisher 104. The end-user 120 may provide the publisher 104 with an end-user data 238 that is sent from the browser 122, running on the computing device 102, to the publisher 104 via signal path 129. In this example, the signal path 129 is one of a plurality of signal paths 240 that are in signal communication with the computing device 102. The other signal paths 242, 244, 246, 248, 250, 252, 254, and 256, respectively, are signal paths from the computing device 102 to the second-party entities 200, third-party entities 204, 206, and 208 of the first-tier 218, third-party entities 224, 226, and 228 of the second-tier 220, and the third-party entity 230 of the third-tier 222. In this example, part of the end-user data 238 will be transmitted from the computing device 102 to the publisher 104 via signal path 129 and other parts of the end-user data 238 will be transmitted from the computing device 102 to the second-party entities 200 and third-party entities 202 via signal paths 242, 244, 246, 248, 250, 252, 254, and 256. The signal paths 242, 244, 246, 248, 250, 252, 254, and 256 are the result of the publisher 104 including software code in some of the blocks 132 of the website 130 that are passed to some of the blocks 136 of the webpage 134 shown on the browser 122 of the computing device 102. This software code when run on the webpage 134 directs the browser 122 of the computing device 102 to establish a connection to an Internet address of the corresponding second-party entities 200 or third-party entities 202 to which the publisher 104 has a relationship. In general, the software code may be a hyperlink that when activated by the end-user 120 may direct the browser 122 to a server that is external to the publisher 104 and will communicate directly with computing device 102.
[0018] In general, the publisher 104 utilizes this type of software code to send some or all of the end-user data 238 to the second-party entities 200 and/or the third-party entities 202 to delegate part of the content and/or functionality of the website 130 run and/or managed by the publisher 104. Based on the previously established relationship, if the publisher 104 sends part or all of the end-user data 238 or redirects the webpage 134 to the second-party entities 200, the second-party entities 200 are commonly obligated to share the end-user data 238 with the publisher 104 (i.e., the first-party) and are controlled and configurable according to the preferences of the publisher 104. As an example, the publisher 104 may be a content delivery network and a second-party entity of the second-party entities 200 may be an analytics service.
[0019] Alternatively, the third-party entities 202 are generally independent entities over whose operations the publisher 104 has only circumstantial knowledge and control. As an example, the publisher 104 may be a cross-site social website and/or service and the third-party entities 202 may be advertising services. However, unlike the second-party entities 200, when the third-party entities 202 receive part or all of the end-user data 238 or simply the browser 122 is redirected to one of the third-party entities 202, that end-user data 238 may be shared or sent and/or the browser 122 may be redirected to other third-party entities 202 not known to, or controllable by, the publisher 104 (e.g., the third-party entities 202 of the second-tier 220, third-tier 222, or more). As an example, if the first third-party entity 204 receives part of or all of the end-user data 238 or a redirect of the browser 122, the first third-party entity 204 may then share or send that end-user data 238 or again redirect the browser 122 to the second-tier 220 of third-party entities 202. Similarly, a first third-party entity 224 of the second-tier 220 may receive the part of or all of the end-user data 238 or browser 122 redirect from the first third-party entity 204 and further share that part of or all of the end-user data 238 or redirect the browser 122 with a plurality of third-tier 222 of third-party entities 202 (i.e., third-party entity 230), and so on. In each of these examples, the software code activated by the browser 122 establishes direct signal communication (via signal paths 250, 252, 254, and 256) with the second-tier 220 and third-tier 222 third-party entities 202. As a result, these signal paths 250, 252, 254, and 256 are invisible and unknown to both the end-user 120 and the publisher 104 where the publisher 104 is generally only aware of the first-tier 218 third-party entities 202 and the end-user 120 is only aware of the publisher 104 and generally believes that their end-user data 238 is being utilized exclusively by the publisher 104.
[0020] Unfortunately, it is appreciated by those of ordinary skill in the art that the present situation for e-commerce described introduces risk management issues. In this situation, the publisher 104 and end-user 120 do not know where the end-user data 238 goes. This may lead to security issues and compliance liabilities enabled by the third-party entities 202. Furthermore, as discussed earlier, the redirects over the Internet to new content producing or data recording and/or processing servers will allow totally independent third-party entities 202 to control the user experience of the end-user 120 and may damage the relationship between the end-user 120 and publisher 104 because of quality issues such as, for example, quality of service, latency delays, and security and privacy issues.
[0021] In order to help mitigate these negative effects, tools have been developed to map out all third-party entities and their interdependencies offline by studying the requests in a web browser or a tool mimicking the behavior of a web browser. Generally, when an end-user downloads a webpage from a website using the web browser of the end-user, the web browser constructs the web page from a multitude of requests. These requests follow the directives contained in various parts of the webpage starting with the HTML (initial description of the main elements of the page). This HTML contains executable JavaScript as well as references to external scripts, stylesheets, images and other elements. As discussed earlier, many of these requests belong to third-party entities. When the browser executes the HTML, JS, and CSS code, it has the ability to “understand” where each of the parts of the code originate from and where the network calls originate from. By properly instrumenting the browser (or using APIs provided by developers of browser’s software such as Google’s Chrome, for example), one has the ability to take a snapshot of all requests and their inter-dependencies. Using this approach a request map or tracking map may be generated that shows the requests and their inter-dependencies.
[0022] In FIG. 3, a block diagram of an example of a request map 300 is shown for the US government website www.uspto.gov. In this example, the target site (www.uspto.gov) makes calls to various subdomains of Google (www.google-analytics.com and www.googletagmanager.com) and gateway.foresee.com. From this request map 300 it seems that the bulk of the content on www.uspto.gov comes from the site itself based on the size of each blob, which generally is proportional to the percentage of total bytes utilized. This example is for illustration purposes and shows a simple government website where there are a few redirects to www.google-analytics.com, www.googletagmanager.com, and gateway.foresee.com. In contrast, when it comes to an ecommerce website or a website generating advertising revenue, third-party entities are everywhere because the third-party entities are incorporated in these types of websites for analytics, advertising, tracking, attribution, etc.
[0023] Unfortunately, while these prior art approaches provide a useful insight into the browser behavior, they are not sufficient to provide a complete visibility and an absolute control of all transactions between the end-users of a website and all parties involved in content generation and delivery into the browsers of the end-users. Additionally, these approaches are done offline from the browser of end-user (or mimicking tool), where the end-user is in direct contact with all the third-party entities. As such, there is a need for a system and method that addresses these problems.
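The offline request map described in paragraphs [0021] and [0022] can be illustrated as follows. This Python code is an added example, not part of the patent text: it takes a capture of requests with their initiators, classifies each host with the first-, second- and third-party definitions of paragraph [0008], and computes each host's byte share and third-party tier. The capture, the `.example` hosts, the sizes and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed capture of one page load: (requested URL, URL that initiated it, bytes).
# Hosts, sizes and initiator chains are invented for illustration.
CAPTURE = [
    ("https://www.publisher.example/", None, 60000),
    ("https://cdn.publisher.example/app.js", "https://www.publisher.example/", 25000),
    ("https://tags.adtech-one.example/tag.js", "https://www.publisher.example/", 9000),
    ("https://sync.adtech-two.example/pixel.gif", "https://tags.adtech-one.example/tag.js", 4000),
    ("https://match.adtech-three.example/id", "https://sync.adtech-two.example/pixel.gif", 2000),
]


def host(url):
    return urlsplit(url).hostname


def party(h, site_host, site_domain):
    """Classify a host with the definitions used in this description."""
    if h == site_host:
        return "first-party"
    # The leading dot keeps look-alikes such as evilpublisher.example out.
    if h.endswith("." + site_domain):
        return "second-party"      # operates under a subdomain of the site
    return "third-party"           # delivers from its own distinct domain


def third_party_tier(h, parent, nodes):
    """Count third-party hosts on the initiator chain back to the site (1 = first tier)."""
    tier, seen = 0, set()
    while h is not None and h not in seen:   # 'seen' guards against initiator loops
        seen.add(h)
        if nodes.get(h, {}).get("party") == "third-party":
            tier += 1
        h = parent.get(h)
    return tier or None            # None for first- and second-party hosts


def build_request_map(capture, site_host, site_domain):
    nodes, edges, parent = {}, set(), {}
    total = sum(size for _, _, size in capture) or 1
    for url, initiator, size in capture:
        h = host(url)
        node = nodes.setdefault(h, {"party": party(h, site_host, site_domain), "bytes": 0})
        node["bytes"] += size
        if initiator is not None and host(initiator) != h:
            edges.add((host(initiator), h))
            parent.setdefault(h, host(initiator))   # first initiator seen defines the tier
    for h, node in nodes.items():
        node["share"] = round(node["bytes"] / total, 3)   # the blob size in a map like FIG. 3
        node["tier"] = third_party_tier(h, parent, nodes)
    return {"nodes": nodes, "edges": sorted(edges)}


if __name__ == "__main__":
    result = build_request_map(CAPTURE, "www.publisher.example", "publisher.example")
    for name, info in result["nodes"].items():
        print(f"{name:32} {info['party']:12} tier={info['tier']} share={info['share']:.0%}")
    for src, dst in result["edges"]:
        print(f"{src} -> {dst}")
```

Hosts at tier 2 and deeper are the ones paragraph [0019] describes as unknown to the publisher, so they are the entries to review first in such a map.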
SUMMARY
[0024] A content server for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network is disclosed. The content server comprises one or more processing units and a computer-readable media storing instructions. When the instructions are executed by the one or more processing units, the instructions cause the content server to perform operations comprising: receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; requesting the information content from the first network site with the content server; receiving, from the first network site, the information content within a first data; detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; storing the link for the external information and the inter-dependencies corresponding to the link; receiving the external information from the third-party entity; modifying the information content with the external information to produce a modified information content; transmitting the modified information content to the computing device; and generating a request map that includes the stored link and corresponding inter-dependencies.
[0025] Other devices, apparatuses, systems, methods, features, and advantages of the invention will be or will become apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional devices, apparatuses, systems, methods, features, and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims.
BRIEF DESCRIPTION OF THE FIGURES
[0026] The invention may be better understood by referring to the following figures. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention. In the figures, like reference numerals designate corresponding parts throughout the different views.
[0027] FIG. 1 is a system block diagram of an example of a known e-commerce communication system between a computing device and a plurality of Internet publishers over a public network such as the Internet.
[0028] FIG. 2 is a system block diagram of an example of the known e-commerce communication system shown and discussed in relation to FIG. 1 with second-party entities and third-party entities.
[0029] FIG. 3 is a block diagram of an example of a request map for the US government website www.uspto.gov.
[0030] FIG. 4 is a system block diagram of an example of a communication system between a computing device and a publisher over a public network such as, for example, the Internet in accordance with the present disclosure.
[0031] FIG. 5 is a system block diagram of an example of the communication system between the computing device, publisher, and multiple tiers of the third-party entities in accordance with the present disclosure.
[0032] FIG. 6 is a system diagram illustrating an example of another implementation of the communication system where the content server manages data in accordance with the present disclosure.
[0033] FIG. 7 is a system diagram of an example of an implementation of components of a device, such as a device of the one or more devices, configured to receive requests from the computing device, send requests for data from the publisher and third-party entities, receive data from the publisher and third-party entities, and send the data to the computing device, respectively.
[0034] FIG. 8 is a system diagram of an example of an implementation of the display of the computing device in accordance with the present disclosure.
[0035] FIG. 9 is a system block diagram of an example of another implementation of a content server in accordance with the present disclosure.
[0036] FIG. 10 is a flowchart of an example of an implementation of a method for a content server in accordance with the present disclosure.
DETAILED DESCRIPTION
[0037] Disclosed is a content server for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network. The content server comprises one or more processing units and a computer-readable media storing instructions. When the instructions are executed by the one or more processing units, the instructions cause the content server to perform operations comprising: receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; requesting the information content from the first network site with the content server; receiving, from the first network site, the information content within a first data; detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; storing the link for the external information and the inter-dependencies corresponding to the link; receiving the external information from the third-party entity; modifying the information content with the external information to produce a modified information content; transmitting the modified information content to the computing device; and generating a request map that includes the stored link and corresponding inter-dependencies.
[0038] Various examples, scenarios, and aspects are described below with reference to FIGS. 1-9.
[0039] In general, the present application describes a content server for providing a request map for a target website accessed by a computing device of an end-user over a public network. The content server is located between the computing device and the target website on the public network in a completely transparent manner that preserves the integrity of all transactions between a browser on the computing device and the target website and all other servers linked to the target website. Since the content server is accessing the target website as a proxy for the computing device, the content server provides complete visibility and absolute control of all transactions between the computing device and the target website and all second-party and third-party entities linked to the target website that are involved in content generation and delivery to the browser of the computing device. In this application, the one or more public network websites (such as the target website) may generally be referred to as Internet publishers (or simply “publishers”).
[0040] In this disclosure, in order to keep all transactions flowing through the content server, a comprehensive rewriting mechanism converts all third-party entity requests to point to a domain under the control of the content server, such that the content server receives and processes all browser interactions. A part of the content server inserts special directives (i.e., code), to be executed inside the browser utilized by the end-user of the computing device, that provide an additional ability for the content server to determine “hidden” dependencies between different requests. As an example, even if a certain request was explicitly referenced in the original HTML, many browsers will not send a so-called “REFERER” header (i.e., a reference to the URI of the HTML which contained a corresponding external call); however, by marking this reference while transforming/rewriting the original HTML code, the content server inserts the origination information in the modified addresses of the subsequent requests.
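The rewriting described in [0040], sketched as an added example (not code from the patent or its applicants): every off-site `src`/`href` is pointed at a proxy domain with the referencing document encoded into the address, so the proxy can record who invoked whom even when no Referer header arrives. The host `hub.example.net`, the `u`/`o` query parameters, the class and function names, and the sample site are assumptions constructed for illustration.

```python
import base64
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urljoin, urlsplit

PROXY_HOST = "hub.example.net"  # assumption: a domain the content server controls
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def _enc(text):
    return base64.urlsafe_b64encode(text.encode()).decode()

def _dec(text):
    return base64.urlsafe_b64decode(text.encode()).decode()

def proxied_url(target, origin):
    # The rewritten address carries the real target (u) and the referencing document (o).
    return f"https://{PROXY_HOST}/r?" + urlencode({"u": _enc(target), "o": _enc(origin)})

class Rewriter(HTMLParser):
    """Re-emits HTML with every off-site resource pointed at the proxy."""
    def __init__(self, page_url, first_party_host):
        super().__init__(convert_charrefs=False)
        self.page_url, self.first_party_host = page_url, first_party_host
        self.out, self.emitted = [], []  # emitted: addresses a browser requests next

    def handle_starttag(self, tag, attrs):
        changed, rebuilt = False, []
        for name, value in attrs:
            if name == URL_ATTRS.get(tag) and value:
                absolute = urljoin(self.page_url, value)  # resolve against the real URL
                host = urlsplit(absolute).hostname
                if host and host not in (self.first_party_host, PROXY_HOST):
                    value = proxied_url(absolute, self.page_url)
                    self.emitted.append(value)
                    changed = True
            rebuilt.append((name, value))
        if not changed:
            self.out.append(self.get_starttag_text())  # untouched tags pass through verbatim
            return
        parts = [n if v is None else f'{n}="{html.escape(v)}"' for n, v in rebuilt]
        self.out.append("<" + " ".join([tag] + parts) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")
    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")

class ContentServer:
    def __init__(self, first_party_host, fetch):
        self.first_party_host = first_party_host
        self.fetch = fetch        # callable: url -> (content_type, body)
        self.request_map = {}     # referencing document -> [URLs it invoked]

    def _rewrite(self, url, body):
        rewriter = Rewriter(url, self.first_party_host)
        rewriter.feed(body)
        rewriter.close()
        return "".join(rewriter.out), rewriter.emitted

    def serve_page(self, url):
        _ctype, body = self.fetch(url)
        return self._rewrite(url, body)

    def serve_proxied(self, address):
        query = parse_qs(urlsplit(address).query)
        target, origin = _dec(query["u"][0]), _dec(query["o"][0])
        self.request_map.setdefault(origin, []).append(target)  # store link + dependency
        ctype, body = self.fetch(target)
        if ctype == "text/html":  # nested documents are rewritten with themselves as origin
            return self._rewrite(target, body)
        return body, []

# Constructed sample site: a publisher page, a tag script, an ad iframe, a tracking pixel.
SITE = {
    "https://shop.example/": ("text/html",
        '<html><body><img src="/logo.png">'
        '<script src="https://tags.example/tm.js"></script>'
        '<iframe src="https://ads.example/slot?id=7&amp;fmt=html"></iframe></body></html>'),
    "https://tags.example/tm.js": ("application/javascript", "/* constructed stub */"),
    "https://ads.example/slot?id=7&fmt=html": ("text/html",
        '<html><body><img src="https://tracker.example/px.gif" width="1"></body></html>'),
    "https://tracker.example/px.gif": ("image/gif", "GIF89a"),
}

def load_like_a_browser(server, url):
    """Simulated browser: request each rewritten address the returned documents contain."""
    page, pending = server.serve_page(url)
    while pending:
        _body, more = server.serve_proxied(pending.pop(0))
        pending.extend(more)
    return page

if __name__ == "__main__":
    demo = ContentServer("shop.example", SITE.__getitem__)
    load_like_a_browser(demo, "https://shop.example/")
    print(demo.request_map)
```

The pixel request is attributed to the ad iframe rather than to the publisher page, which is the “hidden” dependency the origination marker exists to recover.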
[0041] Generally, in this application, these website applications (generally referred to as “Web applications” or “Web apps”) include content (such as, for example, end-user desired content, financial information, advertisement, health related information, music, videos, etc.), images, trackers, customer relationship management (“CRM”) services and business intelligence applications. Typically, these websites often include content, such as images and inline frames (i.e., HTML documents embedded inside another HTML document of a website known as “iframes”), located on servers controlled by second-party entities and/or third-party entities. A browser loading an HTML webpage will contact these additional servers directly to satisfy external content dependencies within the webpage. As such, some of these Web apps are run by servers controlled and managed by the corresponding business hosting the website (i.e., a first-party entity generally referred to as a publisher) and some of the other Web apps are run off-site by second-party entities and/or third-party entities that control and manage these Web apps instead of the publisher hosting the website.
[0042] As discussed earlier, the functionality offered by these Web apps (that are run off-site from the originally accessed website of the publisher) introduces visibility and unification concerns because they include context related to the browsing history of an end-user and they lack transparency since an address bar of a browser only displays the address of the website visited directly by the end-user. Some of these Web apps are plugins that are provided by services and are embedded by developers in the form of iframes in the websites that end-users might visit, for instance, to read the news or shop. Once an end-user activates an iframe with the browser, the end-user is directed to a new website controlled and managed by a third-party entity that is not controlled by the publisher (i.e., the first-party entity that is the original business that controls and manages the original website that the end-user accessed). As such, with this functionality comes the possibility of compromising the privacy of an end-user which may lead to liability on the part of the publisher even though the privacy of the end-user was compromised by a third-party entity that is beyond the control of the publisher.
[0043] In this application, the terms publisher and/or first-party entity (or simply “first-party”) refer to primary services such as a business that runs and manages at least one website and/or Web app that end-users want to reach and utilize. Second-party entities (or simply “second-party”) are first-party approved and agented parties (i.e., entities) that operate under the authority and act as an agent on behalf of the publisher. As discussed earlier, publishers that operate and manage websites generally delegate part of the content and/or functionality of the website to a second-party entity operating under a subdomain of the website managed and controlled by the publisher. Examples of known second-party entities include content delivery networks and same-site analytics services. Such second-party entities are commonly obligated under contract to share data with the publisher and are controlled and configurable according to the preferences of the publisher. Conversely, third-party entities deliver services through their own distinct domains and have symbiotic relationships to websites of the publisher. As such, publishers only have circumstantial knowledge and control over the operations of the third-party entities. Examples of known third-party entities include cross-site social or advertising services.
[0044] In this disclosure, the inter-dependencies of the third-party entities refers to discovering the invocations (i.e., requests for access to information) by one third-party entity of other third-party entities that may in turn invoke other third-party entities. Examples of inter-dependencies include discovering tags from tag management systems (“tag managers”) that are utilized to insert tags (which are third-party code) into a website. The tags are generally update measurement codes and related code fragments that are utilized on websites and mobile applications. They are also generally known as, for example, tracking pixels, web beacons, web bug, tracking bug, web tag, page tag, pixel tag, or clear GIF. The tags are techniques utilized on websites (web pages), mobile applications, web applications, and email to unobtrusively allow checking that the end user has accessed some content.
[0045] In general, tags are typically used by the third-party entities to monitor the activity of users at a website for the purpose of web analytics or page tagging. They can also be used for email tracking. When implemented using JavaScript, they may be known as JavaScript tags.
[0046] Using such tags, companies and organizations can track the online behavior of web users. At first, the companies doing such tracking were mainly advertisers or web analytics companies; later social media sites also started to use such tracking techniques, for instance through the use of buttons which act as tracking beacons. Generally, discovering the inter-dependencies described in the present disclosure is the process of uncovering these tags and any other casual relationships that are often not evident to a website owner (i.e., a publisher) or to an end-user, i.e., the user of the computing device desiring to interact with the publisher.
[0047] In FIG. 4, a system block diagram of an example of a communication system 400 between a computing device 402 and a publisher 404 over a public network such as, for example, the Internet 406 is shown in accordance with the present disclosure. The communication system 400 includes the computing device 402, publisher 404 and a content server 408. In this example, for the simplicity of illustration, only a single publisher 404 is shown, however, it is appreciated by those of ordinary skill that the communication system 400 includes a plurality of publishers 405.
[0048] The computing device 402 may be, for example, a personal computer 410 (including a desktop, tower, or other similar devices), portable computer 412 (including a laptop, notebook, or tablet computer, or other similar devices), mobile device 414 (including a tablet, smartphone, or other similar devices), server 416, or other type of computing device capable of connecting to the publisher 404 over the Internet 406 such as video gaming consoles, or other smart devices. In general, the computing device 402 is operated by an end-user 418 via a browser 420 running on the display screen 422 of a video display 424 of the computing device 402.
[0049] In this example, the plurality of Internet publishers 405 (including publisher 404) are each first-party entities that contain information that the end-user 418 desires access to. In order to receive that information, the end-user 418 enters an Internet address of the publisher 404 (of the plurality of Internet publishers 405) into an address line 426 of the browser 420. In this example, the publisher 404 runs a website 428 (or web application or enterprise portal) that has an Internet protocol (“IP”) address that if entered in the browser 420 would normally direct the computing device 402 to the publisher 404 via a signal path 430 if the content server 408 were not present. The website 428 includes blocks 432 of data and/or content, some of which the end-user 418 desires to access. Without the content server 408 present, once the browser 420 connects to the website 428 of the publisher 404, the browser 420 displays the website 428 within a webpage 434 produced by the browser 420.
[0050] In this example, the webpage 434 will display blocks 436 of data and/or content that may be the same or related to the blocks 432 on the website 428. In general, some of the blocks 432 on the website 428 may be produced by the publisher 404 and some of the other blocks 432 may be produced by second-party entities 438 and/or third-party entities 440 (i.e., entities that are not the publisher 104). Similarly, some of the blocks 436 on the webpage 434 may be produced by the publisher 404 and some of the other blocks 436 may be produced by second-party entities 438 and/or third-party entities 440. In general, some of the blocks 436 of the webpage 434 may be different than the blocks 432 of the website 428 because blocks 436 of the webpage 434 may be personalized to the computing device 402 and/or end-user 418. Examples of the plurality of publishers 405 may include financial institutions (i.e., banks, investment firms, etc.), health providers, on-line retailers, news agencies, search engines, cloud computing services, on-line games, media content providers, etc.
[0051] In this example, the publisher 404 is also shown to have relationships with, for example, the second-party entities 438 and the third-party entities 440. The relationships between the publisher 404 and the second-party entities 438 and the third-party entities 440 are shown as dotted-line paths 442, 444, 446, and 448, respectively. These relationships may be, for example, contractual relationships between the publisher 404 and the second-party entities 438 and the third-party entities 440 to provide services to the end-user 418 and/or publisher 404, where the publisher 404 includes software code within the blocks 432 of the website 428, hosted by the publisher 404, that will redirect requests to the publisher 404 from the end-user 418 utilizing the computing device 402 via the browser 420. It is noted that the relationship dotted-line paths 442, 444, 446, and 448 are shown solely for the purposes of establishing that the publisher 404 has some type of relationship with the second-party entities 438 and the third-party entities 440 but are generally not signal paths that establish direct communication between the publisher 404 and the second-party entities 438 and the third-party entities 440. Specifically, the computing device 402 will not communicate with the second-party entities 438 and the third-party entities 440 via the publisher 404. It is also noted that the third-party entities 440 may include a plurality of third-party entities that may be divided into multiple tiers of third-party entities that may be “chained” together into different combinations. Similar to the situation described earlier with relation to the publisher 404, each third-party entity of the third-party entities 440 may include one or more relationships to other third-party entities. Generally, there is no limit to the number and combinations of relationships that may exist between the third-party entities 440.
[0052] It is appreciated by those skilled in the art that the circuits, components, modules, and/or devices of, or associated with, the content server 408 are described as being in signal communication with each other, where signal communication refers to any type of communication and/or connection between the circuits, components, modules, and/or devices that allows a circuit, component, module, and/or device to pass and/or receive signals and/or information from another circuit, component, module, and/or device. The communication and/or connection may be along any signal path between the circuits, components, modules, and/or devices that allows signals and/or information to pass from one circuit, component, module, and/or device to another and includes wireless or wired signal paths. The signal paths may be physical, such as, for example, conductive wires, electromagnetic wave guides, cables, attached and/or electromagnetic or mechanically coupled terminals, semi-conductive or dielectric materials or devices, or other similar physical connections or couplings. Additionally, signal paths may be non-physical such as free-space (in the case of electromagnetic propagation) or information paths through digital components where communication information is passed from one circuit, component, module, and/or device to another in varying digital formats without passing through a direct electromagnetic connection.
[0053] In an example of operation, the end-user 418 utilizes the webpage 434 in the browser 420 (that is running on the computing device 402) to access the website 428 (or web application or enterprise portal) running on the publisher 404. Since the content server 408 is present in the communication system 400, the signal path 430 directly from the computing device 402 to the publisher 404 does not exist because all communications between the computing device 402 and the publisher 404 will be controlled and managed by the content server 408 via signal paths 450 and 452. The content server 408 is a proxy server that acts as an intermediary for requests from clients (i.e., the computing device 402) seeking resources from other servers (i.e., the publisher 404). Specifically, the content server 408 is a “unity hub” that intercepts the request from the browser 420 and acts on behalf of the publisher 404 in a manner that may be transparent to the computing device 402, browser 420, and end-user 418.
[0054] It is appreciated by those of ordinary skill in the art that the content server 408 may intercept the requests from the browser 420 by utilizing various interception mechanisms. For example, the content server 408 may utilize domain name system (“DNS”) delegation where the publisher 404 delegates DNS resolution to the content server 408. As another example, the content server 408 may be deployed in a physical or virtual datacenter of the customer (i.e., publisher 404) as a front-end proxy. Moreover, in another example, the content server 408 acts in the place of an existing origin in a content delivery network (“CDN”) configuration when the publisher 404 utilizes a CDN for delivery of an end-user data 460 from the computing device 402.
[0055] As discussed earlier, the content server 408 is a proxy server or a proxy-like module that intermediates all or selected interactions between parties (i.e., the end-users such as end-user 418 and the publisher 404). In general, the content server 408 receives requests for content from end-users (i.e., end-user 418) and relays the requests to second-party entities 438, third-party entities 440, or both. The content server 408 provides the publisher 404 with flexibility when deployed against websites and Web apps because the content server 408 may operate in a monitoring mode, active out-of-band mode, and active protection mode.
[0056] In the monitoring mode, the content server 408 remotely monitors the third-party entities 440 and their corresponding Web apps, providing regular reports on each third-party entity of the plurality of third-party entities 440. In this example, the content server 408 can remotely retrieve a third-party Web app (from the third-party entity of the third-party entities 440) from the website 428 or Web app (of the publisher 404) directly by inspecting the “tags” embedded in the website 428 itself. In this example, the content server 408 may be a software and/or hardware module that may be optionally integrated with a Tag Manager of the website and/or Web app of the publisher 404 so as to provide a more comprehensive list of integrated functions from the third-party entities 440. In this example, the content server 408 may produce a report that includes third-party entity security posture and/or reputation, third-party entity geo-location, and additional third-party entity redirects. From this report, administrators of the publisher 404 are better equipped to make decisions on whether to remove or replace individual third-party entity website and/or Web apps.
[0057] In the active out-of-band mode, the content server 408 is deployed in the same way as in the monitoring mode but is integrated with the Tag Manager of the website 428 and/or Web app of the publisher 404. When the content server 408 is in the active out-of-band mode, the content server 408 monitors the third-party entities 440 and if a third-party entity violates the policies of the content server 408 (policies that may be dictated by the publisher 404), the content server 408 can then dynamically remove the third-party entity from the website 428 and/or Web app of the publisher 404 to ensure the protection of the customer data of the end-user 418, and threats are not introduced by the third-party entity.
[0058] In the active protection mode, the content server 408 is deployed in-line between the customers (i.e., the end-user 418 utilizing the computing device 402) and the website 428 and/or Web app of the publisher 404. In this example, the content server 408 is a high-speed proxy that scales with customer traffic, and can actively protect from threats, and ensure that customer data of the end-users (including end-user 418) is protected at all times.
[0059] In this example, each interaction is seamlessly redirected from the end-user 418 to the content server 408. The request is forwarded on to the intended destination (i.e., the publisher 404), with all of the interaction between the publisher 404 and the third-party entities 440 controlled by the content server 408. In this example, if threat intelligence is added to the content server 408, the threat intelligence provides the content server 408 with the ability to eliminate threat sources from the third-party entities 440 immediately. Moreover, if any third-party entity requests to harvest data from the end-user 418 and/or computing device 402, the request may be met by the content server 408 with an anonymization policy. In this example, the content server 408 may be configured with additional policies that may be implemented to ensure that the end-user 418 only receives the information they care about, with no concern about threats, or privacy violations. In general, the implementation shown in FIG. 3 is of the content server 408 in the active protection mode.
[0060] In an example of operation, the content server 408 (in the active protection mode) transforms cookies (i.e., pieces of data sent from the second-party entities 438 and/or third-party entities 440) and selectively stores them in a specialized storage within the content server 408. The content server 408 transforms the cookies utilizing a transaction traversal technology that includes a JavaScript library 390 for processing content inside the end-user execution environment (i.e., the browser 420 on the computing device 402). The content server 408 is capable of intercepting and reinterpreting corresponding functional calls inside an end-user JavaScript processing engine located within (or in association with) the browser 420. Consequently, upon receiving any content from the publisher 404 or computing device 402, the content server 408 ensures that such content is modified in order to enforce that all subsequent transactions will be handled by the content server 408 (on behalf of the publisher 404), and that the JavaScript library 390 (located on the computing device 402) is properly referenced and has access to all critical stages of generating requests to any third-party entities 440. A specially designed cookie-handling mechanism ensures that first-party (i.e., the publisher 404) cookies do not exceed the limits imposed by Internet standards on the size of a cookie belonging to a single domain.
[0061] It is appreciated that by applying the transaction traversal technology (which utilizes content server and client-side JavaScript rewriting) the content server 408 is able to control (unify) all transactions and collect all information about these transactions in the form of transaction logs in a unified manner (namely, in the same standard format no matter which third-party application was involved in such transaction). Thus the data unification is made possible; such data unification consists of the unified transaction log collection and in unified processing of these data logs (while such unified processing was next to impossible because of the difficulty in obtaining all third-party logs, potential incompleteness of such logs and processing of different formats of such logs without our system).
[0062] In this example, the computing device 402 is in signal communication with the Internet 406 via signal path 454, the publisher 404 is in signal communication with the Internet 406 via signal path 456, and the content server 408 is in signal communication with the Internet 406 via signal path 458. As such, the signal path 450 between the computing device 402 and content server 408 includes the Internet 406 and the signal paths 454 and 458 and the signal path 452 between the publisher 404 and content server 408 includes the Internet 406 and the signal paths 452 and 458.
[0063] Specifically in an example of operation, the end-user 418 utilizes the webpage 434 to provide the publisher 404 with the end-user data 460 that is sent from the browser 420, running on the computing device 402, to the publisher 404 via the content server 408 and signal paths 450 and 452 instead of the direct signal path 430 from the computing device 402 to the publisher 404. In this example, the content server 408 may be established as a uniform resource locator (“URL”) redirect of the Internet address of the website 428 of the publisher 404. As such, when the end-user 418 enters the Internet address of the website 428 of the publisher 404 in the address line 426 of the browser 420 of the computing device 402, the browser 420 is directed to the Internet address of the content server 408 instead of the publisher 404. As a result, the content server 408 receives the end-user data 460 instead of the publisher 404. In this example, the content server 408 is in the active protection mode and acts as an active protection system for the end-user 418 at the computing device 402, publisher 404, or both because the content server 408 will connect directly to second-party entities 438, third-party entities 440, or both instead of the computing device 402 or publisher 404. As an example, the content server 408 may be in signal communication with the second-party entities 438 via a signal path 462 that is a combined signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 464 from the Internet 406 to the second-party entities 438. Similarly, the content server 408 may be in signal communication with a first third-party entity 466 via a signal path 468 that is a combination signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 470 from the Internet 406 to the first third-party entity 466. 
The content server 408 may also be in signal communication with a second third-party entity 472 via a signal path 474 that is a combination signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 476 from the Internet 406 to the second third-party entities 472. Furthermore, the content server 408 may also be in signal communication with a third third-party entity 478 via a signal path 480 that is a combination signal path that includes the signal path 458 from the content server 408 to the Internet 406, the Internet 406, and a signal path 482 from the Internet 406 to the third third-party entities 478.
[0064] In general, the browser 420 on the computing device 402 connects to the content server 408 and requests some service, such as a file, connection, media, website 428 hosted by the publisher 404, or other resource from the publisher 404, and the content server 408 in the active protection mode then evaluates the request and connects to the publisher 404 to retrieve the requested information for the browser 420. In this manner the content server 408 actively protects from threats, and ensures that the end-user data 460 of the end-user 418 is protected at all times. The request is forwarded on to the publisher 404, with all of the interaction between the publisher 404 and the third-party entities 440 controlled by the content server 408. In this example, as discussed earlier, the third-party entities 440 may include a plurality of third-party entities divided up into multiple tiers of third-party entities that may be chained together into different combinations. Similar to the publisher 404, each third-party entity of the third-party entities 440 may include one or more relationships to other third-party entities where there is no limit to the number and combinations of relationships that may exist between the third-party entities 440. In this example, the content server 408 is configured to detect and potentially stop and/or modify the end-user data 460 for any subsequent redirects from a first third-party entity to another third-party entity of the plurality of third-party entities 440.
[0065] Turning to FIG. 5, a system block diagram of an example of the communication system 400 between the computing device 402, publisher 404, and multiple tiers of the third-party entities 440 is shown in accordance with the present disclosure. In FIG. 5, the Internet 406 is not shown for the purposes of ease of illustration but it is appreciated by those of ordinary skill in the art that Internet 406 is present between the signal paths of the computing device 402, content server 408, publisher 404, second-party entities 438, and third-party entities 440 as shown in FIG. 4. For simplicity, only the combinational signal paths 450, 452, 462, 468, 474, and 4380 are shown. Also shown in FIG. 5 are the relationships between the publisher 404 and the second-party entities 438 and the third-party entities 440 as the dotted-line paths 442, 444, 446, and 448, respectively.
[0066] In this example, the third-party entities 440 are shown to have multiple tiers that include, for example, a first-tier 500, second-tier 502, and third-tier 504 of third-party entities 440. It is appreciated that while only three tiers are shown there may be optionally an unlimited number of tiers of third-party entities 440 arranged in varying combinations. In this example, the first-tier 500 is shown to include the first third-party entity 466, second third-party entity 472, and the third-party entity 478; however, it is appreciated that the first-tier 500 may include any number of third-party entities of the plurality of third-party entities 440. Moreover, in this example, the second-tier 502 is shown as having a first third-party entity 506, second third-party entity 508, and third third-party entity 510. Again only three third-party entities 506, 508, and 510 are shown for ease of illustration. Furthermore, the third-tier 504 is shown with only a single third-party entity 512 but it is again appreciated that the third-tier 504 may include any number of third-party entities from the plurality of third-party entities 440.
[0067] In this example, the first third-party entity 466 of the first-tier 500 has relationships with the first third-party entity 506, second third-party entity 508, and third third-party entity 510 of the second-tier 502 via dotted-line paths 514, 516, and 518, respectively. Likewise, the first third-party entity 506 has a relationship with the third-party entity 512 via dotted-line path 520. As a result, the content server 408 is in signal communication with the first third-party entity 506, second third-party entity 508, and third third-party entity 510 of the second-tier 502 and third-party entity 512 of the third-tier 504 via signal paths 522, 524, 526, and 528, respectively.
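The tier structure of FIG. 5, worked as an added example (not code from the patent): a breadth-first walk over a request map assigns each third-party entity its tier and reconstructs the invocation chain that reaches an entity flagged by policy. The entity labels reuse the figure's reference numerals; the back-reference from 512 to 466, the deny set, and all function names are assumptions constructed for illustration.

```python
from collections import deque

PUBLISHER = "publisher-404"

# Constructed request map mirroring FIG. 5: which entity invoked which.
REQUEST_MAP = {
    PUBLISHER: ["tp-466", "tp-472", "tp-478"],
    "tp-466": ["tp-506", "tp-508", "tp-510"],
    "tp-506": ["tp-512"],
    "tp-512": ["tp-466"],  # constructed back-reference, to show that cycles terminate
}


def assign_tiers(request_map, root):
    """Tier = fewest invocations between the publisher and the entity."""
    tier, parent = {root: 0}, {root: None}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for child in request_map.get(node, []):
            if child not in tier:  # first visit is the shortest path; also breaks cycles
                tier[child] = tier[node] + 1
                parent[child] = node
                queue.append(child)
    return tier, parent


def invocation_chain(parent, entity):
    """Walk parent links back to the publisher and return the chain in request order."""
    chain = []
    while entity is not None:
        chain.append(entity)
        entity = parent[entity]
    return chain[::-1]


def policy_report(request_map, root, denied):
    """For each denied entity actually reached, report its tier and how it was reached."""
    tier, parent = assign_tiers(request_map, root)
    findings = []
    for entity in sorted(denied & tier.keys()):
        if entity == root:
            continue
        chain = invocation_chain(parent, entity)
        findings.append({
            "entity": entity,
            "tier": tier[entity],
            "chain": chain,
            "first_tier_entry": chain[1],  # the tag on the publisher's page that leads here
        })
    return findings


if __name__ == "__main__":
    for finding in policy_report(REQUEST_MAP, PUBLISHER, {"tp-512", "tp-999"}):
        print(finding)
```

A denied entity that never appears in the map (`tp-999` here) produces no finding, so the report only lists violations the proxy actually observed.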
[0068] In FIG. 6, a system diagram is shown illustrating an example of another implementation of the communication system 400 where the content server 408 manages data in accordance with the present disclosure. The communication system 400 includes the content server 408 (which is a proxy server) having one or more servers that acts as an intermediary between the end-user 418, the publisher 404, and the plurality of third-party entities 440.
[0069] In this example, the content server 408, publisher 404, second-party entities 438, third-party entities 440, and computing device 402 are in signal communication with one or more telecommunication networks 600 via signal paths 454, 456, 464, 470, 476, and 482, respectively. In this example, the one or more telecommunication networks 600 may include, for example, public networks such as the Internet (as was described previously as Internet 406), private networks such as an institutional and/or personal intranet, or some combination of private and public networks.
[0070] The one or more telecommunication networks 600 may also include any type of wired and/or wireless network, including but not limited to local area networks (“LANs”), wide area networks (“WANs”), satellite networks, cable networks, Wi-Fi networks, WiMax networks, mobile communications networks (e.g., 3G, 4G, and so forth) or any combination thereof. The one or more telecommunication networks 110 may utilize communications protocols, including packet-based and/or datagram-based protocols such as IP, transmission control protocol (“TCP”), user datagram protocol (“UDP”), or other types of protocols. Moreover, the one or more telecommunication networks 600 may also include a number of devices that facilitate network communications and/or form a hardware basis for the networks, such as switches, routers, gateways, access points, firewalls, base stations, repeaters, backbone devices, and the like.
[0071] In some examples, the one or more telecommunication networks 600 may further include devices that enable connection to a wireless network, such as a wireless access point (“WAP”). Examples support connectivity through WAPs that send and receive data over various electromagnetic frequencies (e.g., radio frequencies), including WAPs that support Institute of Electrical and Electronics Engineers (“IEEE”) 902.11 standards (e.g., 902.11g, 902.11h, and so forth), and other standards.
[0072] As before, in this example, the content server 408 is shown in signal communication with both the publishers 404 and the computing device 402 via signal paths 452 and 450, respectively. Moreover, the content server 408 is also in signal communication with the plurality of third-party entities 440 via signal paths 468, 474, and 480.
[0073] In this example, the computing device 402 may be a personal computer 410, portable computer 412, server 416, mobile device 414 (such as a smart telephone, tablet, etc.), videogame console, etc. In general, the computing device 402 may include one or more computing devices that operate in a cluster or other grouped configuration to share resources, balance load, increase performance, provide fail-over support or redundancy, or for other purposes. For instance, the computing device 402 may belong to a variety of classes of devices such as traditional server-type devices, desktop computer-type devices, and/or mobile-type devices.
[0074] In some implementations, the computing device 402 includes one or more input/output (“I/O”) interfaces 602 that enable communications with input/output devices such as user input devices 604 including peripheral input devices (e.g., a game controller, a keyboard, a mouse, a pen, a voice input device, a touch input device, a gestural input device, and the like) and/or output devices including peripheral output devices (e.g., a display 424, a printer, audio speakers, a haptic output device, and the like). The computing device 402 may also include a combination of two or more devices, such as a mobile phone in combination with a wearable device.
[0075] The computing device 402 may represent any type of computing device having one or more processing units 606 (also known as one or more processors) in signal communication to a computer-readable media 608 via a bus 610, which in some instances may include one or more of a system bus, a data bus, an address bus, a PCI bus, a Mini-PCI bus, and any variety of local, peripheral, and/or independent buses. Executable instructions stored on the computer-readable media 608 can include, for example, an operating system 612, a client communication module 614, a profile module 616, and other modules, programs, or applications that are loadable and executable by the one or more processing units 606.
[0076] The computing device 402 can also include the one or more interface(s) 602 to enable communications between the computing device 402 and other networked devices, such as the content server 408. The network interface(s) 602 can include one or more network interface controllers (“NICs”) or other types of transceiver devices to send and receive communications and/or data over the one or more networks 600. In this example, the computing device 402 also includes the JavaScript library 490.
[0077] In this example of the communication system 400, the computing device 402 utilizes its client communication module 614 to connect with the content server 408 and/or other external device(s) through the one or more telecommunication networks 600. In various examples, the computing device 402 utilizes its profile module 616 to generate user profiles for communicating with other devices (such as content server 408) over the one or more telecommunication networks 600. In general, a user profile may include one or more of an identity of a user (e.g., a name, a unique identifier (“ID”), etc.), a user avatar, personal data (e.g., age, title, position, etc.), location data, status data (e.g., online, offline, available, busy, etc.) and so forth.
[0078] The content server 408 may be any device, network, or system that can communicate with and act as a proxy intermediary between the end-user 418, the publisher 404, second-party entities 438, and third-party entities 440 in accordance with one or more features of the present disclosure. For example, the content server 408 may be in the form of a cloud proxy or cloud network made up of one or more servers.
[0079] In this example, the end-user 418 is an individual but may also be an automated device or software component or module capable of interfacing with the computing device 402 to search the one or more telecommunication networks 600. As an example, the computing device 402 may also include the browser 420, which is a software application (i.e., program) for browsing (i.e., searching and viewing information) the Internet, where the software application is stored on a memory unit within the computing device 402. At present, examples of known browsers 420 include, for example, Google Chrome(R) produced by Google LLC of Mountain View, California, Mozilla Firefox(R) produced by Mozilla Foundation of Mountain View, California, Safari(R) produced by Apple, Inc. of Cupertino, California, and Internet Explorer(R) and Edge(R) produced by Microsoft Corporation of Redmond, Washington. The executable instructions of the browser 420 are loaded in the computer-readable media 608 for execution by the one or more processing units 606 of the computing device 402. In general, the computer-readable media 608 is a computer or machine-readable medium that is a medium capable of storing data in a format readable by a computer and/or mechanical device rather than human readable.
[0080] The browser 420 may display information to the end-user 418 on the display 424 of the computing device 402, which may be, for example, a screen 422 on a computer, television, or hand-held device. The displayed information on the display 424 may contain the one or more blocks 436 of content, which may include a publisher block that visually displays Internet content created by the publisher 404, the second-party entities 438, and third-party entities 440.
[0081] The content server 408 acts as a proxy intermediary between the computing device 402 and the second-party entities and/or third-party entities 440 and applies multiple network and content optimization techniques to achieve reduced latency and improved efficiency while controlling any delivered and shared information with the end-user 418.
[0082] In this disclosure, the content server 408 operates differently than conventional Internet interactions to help improve the end-user 418 experience.
[0083] Specifically, in a conventional system as described earlier, the publisher 404 would communicate directly with the computing device 402 and the computing device 402 would resolve the domain name of the publisher 404 and connect directly to the website 428 of a web server of the publisher 404. The publisher 404 would prepare the Internet content and directly push that content to the computing device 402 where the Internet content is rendered for delivery to the end-user 418, via the webpage 434 that is a browser window of the browser 420 or the like, to be displayed in a block 436 on the display 424 either within the browser window or separate window displayed on the display 424.
[0084] In the conventional system, the rendered content also contains Internet hyperlink references to at least one third-party entity of the plurality of third-party entities 440 that allows the at least one third-party to directly deliver scripts, documents, or advertisements to the computing device 402, where these scripts, documents, or advertisements are executed along with the Internet content provided by the publisher 404. In contrast, the content server 408 in the active protection mode does not allow the publisher 404, second-party entities 438, or third-party entities 440 to communicate directly with the computing device 402. Instead, the publisher 404, second-party entities 438, and third-party entities 440 communicate indirectly with the computing device 402 through the content server 408 that acts as a proxy intermediary.
[0085] The content server 408 includes one or more devices 618. The one or more devices 618 and/or components of the content server 408 can include distributed computing resources that communicate with one another and/or with the computing device 402, the publisher 404, second-party entities 438, and the third-party entities 440 via the one or more telecommunication networks 600.
[0086] In various examples, the one or more devices 618 may operate in a cluster or other grouped configuration to share resources, balance load, increase performance, provide fail-over support or redundancy, or for other purposes. As an example, the one or more devices 618 of the content server 408 includes a first server module 620, second server module 622, third-server module 624, and a data storage 626.
[0087] As an example, the first server module 620 is configured to receive, from the end-user 418 (utilizing the computing device 402), a domain name resolution request for the publisher 404. Typically, the end-user 418 will use a search engine link or type in a domain name with the user input device 604 for the publisher 404 rather than using an IP address. The domain name is converted to the IP address via a procedure called domain name service (“DNS”) resolution or DNS lookup in conventional fashion.
[0088] As described earlier, in this example, the publisher 404 will have its IP address associated with the content server 408 such that when the computing device 402 attempts to contact the publisher 404, the computing device 402 will receive the IP address for the content server 408 instead of an IP address for the publisher 404. The computing device 402 thus connects to the content server 408 and requests 628 a first data 630 from the publisher 404. In this example, the first data 630 may be, for example, a webpage. The first server module 620 receives the request 628 for the first data 630 and, in response, the content server 408 makes a request 632 for first data 630 from the publisher 404. The publisher 404 receives the request 632 for the first data 630 and, in response, creates and sends the first data 630 to the second server module 622. The content server 408 then detects any redirects in the first data 630 from the publisher 404. If there are any redirects in the first data 630, the content server 408 modifies the redirects in the first data 630 to produce the second data 634 by, for example, rewriting the first data 630 to remove the redirects with one or more processing units 636 within the content server 408. The third-server module 624 then requests 638 information data from a third-party entity (of the third-party entities 440) that the redirect was directed to. If any information from the end-user 418 needs to be passed to the third-party entity, the content server 408 may cleanse and anonymize the end-user data 460 prior to sending to the third-party entity. The third-server module 624 then receives the information from the third-party entity and combines it with the second data 634 to produce a third data 640. The content server 408 then transmits the third data 640 to the computing device 402.
[0089] As such, in this example, the first server 620 may be configured to receive the request from the computing device 402, where the request includes a request for content for the publisher 404 and to request the information content from the publisher 404, where the request for the information content includes requesting the first data 630. The second server 622 may be configured to receive, from the publisher 404, the first data 630, detect a link for external information, where detecting the link for external information within the information content includes detecting if the first data 630 has any references (including, for example but not limited to, redirects) to the third-party entity 440, and producing the second data 634 by rewriting the first data 630 to remove the references, where modifying the information content includes producing the second data 634. In this example, rewriting the first data 630 to remove the references may include rewriting the first data 630 with a proxy domain content rewriting engine.
[0090] As such, in this example, the content server 408 includes the second server 622 that is configured to: receive, from the publisher 404, the first data; detect the link for external information, where detecting the link for external information within the information content includes detecting if the first data has any references to the third-party entity 440; and produce the second data by rewriting the first data to modify the references, where modifying the information content includes producing the second data. In this example, modifying the references also includes rewriting the references to the content server 408, wherein the content server 408 acts as a proxy server for the publisher 404. As a result, in this example, the content server 408 does not remove the references (including redirects) but instead rewrites references to the third-party entity 440 such that the corresponding requests will be relayed and thus controlled by the content server 408 as a proxy server acting as a trusted agent of the site owner (i.e., the publisher 404). In other words, the content server 408 preserves the legitimate interactions with the third-party entity 440, but the content server 408 is able to cleanse/sanitize these interactions to honor the end-user’s 418 and site-owner’s (i.e., the publisher’s 404) choices. This allows the content server 408 to stop/block unwanted interactions with third-party entities that are, for example, malware third-party entities 440, competitive third-party entities 440, or other unwanted third-party entities 440.
[0091] The third server 624 may be configured to request an external data from the third-party entity 440 that the reference was directed to. The third server 624 may be further configured to modify the information content with the second data 634 and the external information to produce the modified information content (i.e., third data 640) and transmit the modified information content to the computing device 402. The third server 624 may be further configured to cleanse a user data from the end-user 418 of the computing device 402 to produce a cleansed user data, where requesting the external data from the third-party entity 440 includes transmitting the cleansed user data to the third-party entity 440. Alternatively, the third server 624 may instead transfer references to the third-party entity 440 to specially constructed references to the publisher 404 that contain the information referenced from the third-party entity 440. As another example, the third server 624 may instead cleanse the request for external data from the third-party entity 440 to produce a cleansed user data. In this example, cleansing the request includes removing sensitive and/or private data from an end-user 418 and requesting the external data from the third-party entity 440 includes transmitting the cleansed user data to the third-party entity 440.
[0092] In general, the content server 408 is configured to cleanse sensitive and/or private data not from the computing device 402, but from the requests that will be relayed by the content server 408, as a proxy, to the third-party entity 440. As such, in this example, the content server 408 does not cleanse the end-user data 460 on the computing device 402, but by proxying the content server 408 is able to modify the interactions with any third-party entities 440 such that the third-party entities 440 do not carry any undesired information about the end-user 418.
[0093] As such, in this example, where previously the end-user 418, in the process of downloading the webpage 434, had requested data from the plurality of third-party entities 440, now, with the content server 408 in the communication system 400, the end-user 418 instead sends all requests to the content server 408 (a proxy server acting on behalf of the publisher 404); the content server 408 relays these requests to the third-party entities 440 on behalf of the end-user 418, retrieves the content (i.e., the requested data), and transmits it to the end-user 418 in a rewritten form, where the rewriting ensures that future interactions are also relayed through the content server 408 acting as a proxy for both the publisher 404 and the end-user 418 when interacting with the third-party entities 440.
[0094] In this example, the content server 408 is also configured to optionally exclude some “trusted” third-party entities 440 from rewriting if the trusted third-party entity 440 is trusted by the publisher 404 similar to a second-party entity 438 as described earlier. In this example, the content server 408 may handle/proxy only a subset of the third-party entities 440, excluding the trusted third-party entities 440 per the desires of the publisher 404.
[0095] The content server 408 may utilize the flow of information to create a server-side browser-like environment. The browser-like environment is used to execute the modified Internet content including excised and/or rewritten reference link blocks or scripts. The blocks or scripts of the references are thus executed as if they were on the computing device 402, while in a simulated browser-like environment that mimics the browser 420 of the computing device 402 with improved fidelity.
[0096] As an example, the communication with the third-party entity and the rewriting of the data is achieved by a server-side browser (i.e., at the content server 408) shadowing environment and/or end user-side (i.e., at the computing device 402) instrumentation. This approach may utilize JavaScript and rewriting uniform resource locators (“URLs”) in JavaScript in a corporate environment, where these functions may be implemented within a clientless or browser-based secure sockets layer (“SSL”) virtual private network (“VPN”) gateways providing secure remote access to internal resources. In general, URL rewriting allows a URL to be separated from a resource such that the URL and the resource that it leads to can be independent of each other. In this disclosure, URL rewriting (also known as URL manipulation) allows the end-user 418 utilizing the computing device 402 to link to a URL of the publisher 404 that has been rewritten to direct the link from the original URL to a new URL at the content server 408 in a way that is transparent to the computing device 402 and end-user 418. In general, URL rewriting is a process of altering (often automatically by means of a software program) the parameters in a URL. It is a way of implementing URL mapping or routing within a Web app. The Web app is a client-server computer program that the client (i.e., the computing device 402) runs in the browser 420. In this example, a software program that automatically performs URL rewriting is generally known as a rewrite engine. In this example, the one or more devices 618 of the content server 408 is shown also including a rewrite engine 642 module that is associated with a web browser application 644 on the content server 408, where the rewrite engine 642 may be a component of the web browser application 644 or a web application framework (also known as a web framework). The web framework is a software framework that is designed to support the development of web applications that include, for example, web services, web resources (i.e., a resource located on the one or more telecommunication networks 600), and web application programming interfaces (“APIs”).
[0097] In all of these examples, the one or more devices 618 of the content server 408 may also include the data storage 626 such as, for example, a memory unit to store any needed information related to the first data 630, second data 632, or third data 634.
[0098] In FIG. 7, a system diagram of an example of an implementation of components of a device 700, such as a device of the one or more devices 618, is shown configured to receive requests from the computing device 402, send requests for data from the publisher 404 and third-party entities 440, receiving data from the publisher 404 and third-party entities 440, and sending the data to the computing device 402, respectively.
[0099] In this example, the device 700 includes one or more processing unit(s) 702, computer-readable media 704, and/or communication interface(s) 706. The components of the device 700 are in signal communication and operatively connected, for example, via a bus 708, which can include one or more of a system bus, a data bus, an address bus, a PCI bus, a Mini-PCI bus, and any variety of local, peripheral, and/or independent buses.
[00100] As utilized herein, the processing unit(s) may represent, for example, a CPU-type processing unit, a GPU-type processing unit, a field-programmable gate array (“FPGA”), another class of digital signal processor (“DSP”), or other hardware logic components that may, in some instances, be driven by a CPU. For example, and without limitation, illustrative types of hardware logic components that may be utilized include Application-Specific Integrated Circuits (“ASICs”), Application-Specific Standard Products (“ASSPs”), System-on-a-Chip Systems (“SOCs”), Complex Programmable Logic Devices (“CPLDs”), etc.
[00101] As utilized in this disclosure, a computer-readable media, such as computer-readable media 704 and/or computer-readable media 608, may store instructions executable by the processing unit(s). The computer-readable media may also store instructions executable by external processing units such as by an external CPU, an external GPU, and/or executable by an external accelerator, such as an FPGA type accelerator, a DSP type accelerator, or any other internal or external accelerator. In various examples, at least one CPU, GPU, and/or accelerator is incorporated in a computing device, while in some examples one or more of a CPU, GPU, and/or accelerator is external to a computing device.
[00102] Computer-readable media may include computer storage media and/or communication media. Computer storage media may include one or more of volatile memory, nonvolatile memory, and/or other persistent and/or auxiliary computer storage media, removable and non-removable computer storage media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. Thus, computer storage media includes tangible and/or physical forms of media included in a device and/or hardware component that is part of a device or external to a device, including but not limited to random-access memory (“RAM”), static random-access memory (“SRAM”), dynamic random-access memory (“DRAM”), phase change memory (“PCM”), read-only memory (“ROM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), flash memory, compact disc read-only memory (“CD-ROM”), digital versatile disks (“DVDs”), optical cards or other optical storage media, magnetic cassettes, magnetic tape, magnetic disk storage, magnetic cards or other magnetic storage devices or media, solid-state memory devices, storage arrays, network attached storage, storage area networks, hosted computer storage or any other storage memory, storage device, and/or storage medium that can be used to store and maintain information for access by a computing device.
[00103] In contrast to computer storage media, communication media may embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave, or other transmission mechanism. As defined herein, computer storage media does not include communication media. That is, computer storage media does not include communications media consisting solely of a modulated data signal, a carrier wave, or a propagated signal, per se.
[00104] Communication interface(s) 706 may represent, for example, network interface controllers (“NICs”) or other types of transceiver devices to send and receive communications over a network.
[00105] The computer-readable media 704 can include the data store 710. In some examples, the data store 710 includes data storage such as a database, data warehouse, or other type of structured or unstructured data storage. In some examples, the data store 710 includes a corpus and/or a relational database with one or more tables, indices, stored procedures, and so forth to enable data access including one or more of hypertext markup language (“HTML”) tables, resource description framework (“RDF”) tables, web ontology language (“OWL”) tables, and/or extensible markup language (“XML”) tables, for example.
[00106] The data store 710 can store data for the operations of processes, applications, components, and/or modules stored in computer-readable media 704 and/or executed by processing unit(s) 702 and/or accelerator(s). For instance, in some examples, the data store 710 can store session data 712 (between the computing device 402 and the publisher 404), profile data 714 for the computing device 402, profile data 716 for the publisher 404, profile data 718 for the third-party entities 440, requests, data 720 (such as, for example, first data 630, second data 634, and third data 640), and/or other data. The computer-readable media 704 can also include operating system 724 and APIs 726 configured to expose the functionality and the data of the device 700 to external devices associated with content server 408. Additionally, the computer-readable media 704 includes one or more server modules 728 and one or more output modules 730. In this example, the data store 710 may be part of the data storage 626 shown in FIG. 5.
[00107] Turning to FIG. 8, a system diagram of an example of an implementation of the display 424 of the computing device 402 is shown in accordance with the present disclosure. In this example, the display 424 includes the display screen 422. As described earlier, the computing device 424 may run a web browser 420 that displays a browser window that displays the webpage 434 on the display screen 422. As described earlier, the browser 420 may display information to the end-user 418 on the display screen 422, which may be information that includes the one or more blocks 436 of content, which may include a publisher block 800 that visually displays Internet content created by the website 428 of the publisher 404 and one or more blocks 802, 804, and 806 that display publisher 404 related content, such as an advertisement, financial information (such as, for example, stock prices, equity fund information, pension fund information, banking information, etc.), mapping information and applications (such as, for example, geographic information systems (“GIS”) such as Mapquest, Google maps, Apple Maps, etc.), business information analytics, etc., or other information that may be of interest to the end-user 418, created by or delivered by one or more third-party entities of the plurality of third-party entities 440.
[00108] Turning to FIG. 9, a system block diagram of an example of another implementation of a content server 900 is shown in accordance with the present disclosure. In this example, the content server 900 also includes one or more modules, such as a proxy domain content rewriting engine 902, a controller 904, a JavaScript execution engine 906, and a machine-learning module 908.
[00109] The JavaScript execution engine 906 performs some or all tasks of executing JavaScript rather than having them all performed by the computing device 402, thus reducing processing and content access time to improve the performance of the computing device 402 and corresponding experience of the end-user 418. The JavaScript execution engine 906 may also simultaneously perform activities such as interactions with the third-party servers of the third-party entities 440. The machine-learning module 908 may be used to reduce the risk of errors in content rewriting and to predict interactions with third-party entities 440 without the need to execute all scripts on the computing device 402. Additional similar modules could also be employed within the content server 900.
[00110] Again, the content server 900 is a proxy server that acts as an intermediary for requests from clients (i.e., the computing device 402) seeking resources from other servers (i.e., the publisher 404). Specifically, the content server 900 intercepts the request from the browser 420 and acts on behalf of the publisher 404 in a manner that may be transparent to the computing device 402, browser 420, and end-user 418.
[00111] In this example, the proxy domain content rewriting engine 902 is a request/response processor and utilizes either the same domain as the original content or a special sub-domain for delivery of all advertising-related information. The proxy domain content rewriting engine 902 is resolved to the content server 900 to ensure privacy and security controls.
[00112] As an example, the content server 900 may replace all the links to the third-party entities 440 to point to a proxy domain and create a unique cookie/supercookie (“UC”) for tracking purposes. In this example, the content server 900 aliases the UC to all third-party trackers and the content server 900, where necessary, provides a JavaScript pass-through for third party domains but executes them on behalf of the third-party domains. The content server 900 can use a JavaScript execution module (such as JavaScript execution engine 906) to minimize the repeated execution of the same/similar automatically or manually defined script fragments for the given publisher 404.
[00113] In this example, the controller 904 is a cloud-based policy enforcement engine that can control the exchanges of information between the computing device 402, the publisher 404, and the third-party entities 440. Per the publisher 104 configuration and/or per the computing device 402 configuration, the controller 904 maintains and enforces tracking and data exchange policies. The controller 904 manages publisher-defined allow/block preferences for third-party trackers of the third-party entities 440. The controller 904 also manages end user-defined allow/block preferences for third-party trackers. For ease of the preference management of the end-user 418, the controller 904 provides for default profiles typically derived from the publisher 404 preferences. In addition, the content server 900 implements various techniques for reducing latency and improving bandwidth utilization. For example, the content server 900 may implement compression technologies, transmission control protocol (“TCP”) optimization, caching, and the like.
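The controller's allow/block decision and the cleansing of a relayed request, as described above, can be sketched as follows. This is an added example, not code from the disclosure; the relay URL shape (`/__relay?u=`), the header allowlist, the private-parameter list, the policy precedence, and all `*.example` hosts are assumptions.

```javascript
// Added example. Assumed names: RELAY_PATH, the "u" parameter, both lists below.
const RELAY_PATH = "/__relay";
const FORWARDED_HEADERS = new Set(["accept", "accept-encoding"]);
const PRIVATE_PARAMS = new Set(["email", "uid", "user_id", "lat", "lon"]);

// Assumed precedence: a publisher block is final; otherwise the end-user's
// choice applies, falling back to the publisher's preference (default profile).
function effectiveChoice(host, policy) {
  const pub = policy.publisher.get(host) ?? policy.publisherDefault;
  if (pub === "block") return "block";
  return policy.endUser.get(host) ?? pub;
}

// Decide what the proxy sends upstream for one request received on the relay path.
function cleanseRelayedRequest(incoming, policy) {
  const inbound = new URL(incoming.url);
  if (inbound.pathname !== RELAY_PATH) {
    return { action: "reject", reason: "not a relay request" };
  }
  let target;
  try {
    target = new URL(inbound.searchParams.get("u") || "");
  } catch {
    return { action: "reject", reason: "missing or malformed target" };
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { action: "reject", reason: "unsupported scheme" };
  }
  if (effectiveChoice(target.hostname, policy) !== "allow") {
    return { action: "block", host: target.hostname };
  }

  const removed = [];
  // Strip query parameters that carry end-user identifiers.
  for (const name of new Set(target.searchParams.keys())) {
    if (PRIVATE_PARAMS.has(name.toLowerCase())) {
      target.searchParams.delete(name);
      removed.push(`query:${name}`);
    }
  }
  target.username = "";
  target.password = "";
  target.hash = "";

  // Forward only allowlisted headers; cookies, referrer and client address stay behind.
  const headers = {};
  for (const [name, value] of Object.entries(incoming.headers)) {
    const key = name.toLowerCase();
    if (FORWARDED_HEADERS.has(key)) headers[key] = value;
    else removed.push(`header:${key}`);
  }
  return { action: "relay", url: target.href, headers, removed };
}

// Constructed sample policy and request.
const SAMPLE_POLICY = {
  publisherDefault: "block",
  publisher: new Map([["ads.example", "allow"], ["pixel.tracker.example", "allow"]]),
  endUser: new Map([["ads.example", "block"]]),
};
const SAMPLE_REQUEST = {
  url: "https://www.publisher.example/__relay?u=" + encodeURIComponent(
    "https://pixel.tracker.example/p.gif?page=news&email=alice%40example.org&uid=7781"),
  headers: {
    Cookie: "session=abc123",
    Referer: "https://www.publisher.example/account/orders",
    "User-Agent": "ExampleBrowser/1.0",
    Accept: "image/*",
    "X-Forwarded-For": "203.0.113.9",
  },
};

console.log(cleanseRelayedRequest(SAMPLE_REQUEST, SAMPLE_POLICY));
```
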
[00114] Turning to FIG. 10, a flowchart of an example of an implementation of a method 1000 performed by the content server 408 is shown in accordance with the present disclosure. The method 1000 starts by receiving 1002, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network and requesting 1004 the information content from the first network site with the content server. The method 1000 then receives 1006, from the first network site, the information content within a first data, detects 1008 a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities, and stores 1010 the link for the external information and the inter-dependencies corresponding to the link. The method 1000 then receives 1012 the external information from the third-party entity, modifies 1014 the information content with the external information to produce a modified information content, transmits 1016 the modified information content to the computing device, and generates 1018 a request map that includes the stored link and corresponding inter-dependencies. The method 1000 then ends.
[00115] As described earlier, in this example, the first network site may be a publisher. Moreover, receiving 1002 the request from the computing device may include receiving a domain name resolution request for the publisher and requesting 1004 the information content from the publisher may include requesting the first data. Furthermore, detecting 1008 a link for external information may include detecting if the first data has any references to the third-party entity and modifying 1014 the information content may include producing a second data by rewriting the first data to remove the references. As described previously, rewriting the first data to remove the references may include rewriting the first data with a proxy domain content rewriting engine.
[00116] The method 1000 may further include requesting the external data from the third-party entity that the reference was directed to and modifying 1014 the information content with the external information includes modifying the information content with the second data and external information to produce the modified information content. The method 1000 may further include cleansing a user data from the computing device to produce a cleansed user data, where requesting the external data from the third-party entity includes transmitting the cleansed user data to the third-party entity.
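The detect, store, rewrite and request-map steps of method 1000, together with the exclusion of trusted third-party entities from rewriting, can be illustrated with the following added example, which is not code from the disclosure. The relay path, the `u` parameter, the shape of the request map, and all `*.example` hosts are assumptions; the regex scanner is a simplification of a rewriting engine.

```javascript
// Added example. Assumed names: RELAY_PATH, the "u" parameter, every *.example host.
// The proxy origin is the publisher's own domain, which resolves to the content server.
const PROXY_ORIGIN = "https://www.publisher.example";
const RELAY_PATH = "/__relay";

// Regex scanning keeps the example dependency-free. It does not cover ">" inside
// attribute values, unquoted attributes, srcset, CSS url() or script-built URLs.
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9]*)\b([^<>]*)>/g;
const URL_ATTR_RE = /(\s)(src|href|action)(\s*=\s*)(["'])(.*?)\4/gi;

// requestMap: Map<fromHost, Map<toHost, { elements: Set<string>, relayed: boolean }>>
function recordEdge(requestMap, from, to, element, relayed) {
  if (!requestMap.has(from)) requestMap.set(from, new Map());
  const deps = requestMap.get(from);
  const edge = deps.get(to) || { elements: new Set(), relayed };
  edge.elements.add(element);
  deps.set(to, edge);
}

// Rewrite one document (publisher page or relayed third-party response).
function rewriteDocument(html, docUrl, policy, requestMap) {
  const docHost = new URL(docUrl).hostname;
  return html.replace(TAG_RE, (tag, name, attrs) => {
    const rewritten = attrs.replace(URL_ATTR_RE, (m, sp, attr, eq, q, raw) => {
      const value = raw.replace(/&amp;/g, "&").trim();
      if (value === "" || value.startsWith("#")) return m;
      let target;
      try { target = new URL(value, docUrl); } catch { return m; }
      if (target.protocol !== "http:" && target.protocol !== "https:") return m;
      if (target.hostname === policy.publisherHost) return m; // first party or already relayed
      const relayed = !policy.trustedHosts.has(target.hostname);
      if (target.hostname !== docHost) {
        recordEdge(requestMap, docHost, target.hostname, name.toLowerCase(), relayed);
      }
      const out = relayed
        ? `${PROXY_ORIGIN}${RELAY_PATH}?u=${encodeURIComponent(target.href)}`
        : target.href; // trusted entity: left pointing at its own host
      return `${sp}${attr}${eq}${q}${out.replace(/&/g, "&amp;")}${q}`;
    });
    return `<${name}${rewritten}>`;
  });
}

function describeRequestMap(requestMap) {
  const lines = [];
  for (const [from, deps] of requestMap) {
    for (const [to, edge] of deps) {
      const els = [...edge.elements].sort().join(",");
      lines.push(`${from} -> ${to} [${els}] ${edge.relayed ? "relayed" : "direct"}`);
    }
  }
  return lines.sort();
}

// Constructed sample documents.
const PUBLISHER_PAGE = `<html><head>
<script src="https://cdn.trusted.example/lib.js"></script>
<script src="//ads.example/tag.js?slot=1&amp;pub=42"></script>
</head><body>
<a href="/about">About</a>
<img src="https://pixel.tracker.example/p.gif">
<iframe src="https://ads.example/frame.html"></iframe>
</body></html>`;
const AD_FRAME = `<img src="/creative.png"><script src="https://pixel.tracker.example/sync.js"></script>`;

function demo() {
  const policy = {
    publisherHost: "www.publisher.example",
    trustedHosts: new Set(["cdn.trusted.example"]),
  };
  const map = new Map();
  const page = rewriteDocument(PUBLISHER_PAGE, "https://www.publisher.example/news/index.html", policy, map);
  const frame = rewriteDocument(AD_FRAME, "https://ads.example/frame.html", policy, map);
  return { policy, page, frame, map: describeRequestMap(map) };
}

console.log(demo().map.join("\n"));
```

Running the rewriter over each relayed third-party response, as well as over the publisher page, is what turns the stored links into inter-dependencies: here the map records that `ads.example` in turn pulls in `pixel.tracker.example`.
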
[00117] It will be understood that various aspects or details of the disclosure may be changed without departing from the scope of the disclosure. It is not exhaustive and does not limit the claimed disclosures to the precise form disclosed. Furthermore, the foregoing description is for the purpose of illustration only, and not for the purpose of limitation. Modifications and variations are possible in light of the above description or may be acquired from practicing the disclosure. The claims and their equivalents define the scope of the disclosure. Moreover, although the techniques have been described in language specific to structural features and/or methodological acts, it is to be understood that the appended claims are not necessarily limited to the features or acts described. Rather, the features and acts are described as example implementations of such techniques.
[00118] In some alternative examples of implementations, the function or functions noted in the blocks may occur out of the order noted in the figures. For example, in some cases, two blocks shown in succession may be executed substantially concurrently, or the blocks may sometimes be performed in the reverse order, depending upon the functionality involved. Also, other blocks may be added in addition to the illustrated blocks in a flowchart or block diagram. Moreover, the operations of the example processes are illustrated in individual blocks and summarized with reference to those blocks. The processes are illustrated as logical flows of blocks, each block of which can represent one or more operations that can be implemented in hardware, software, or a combination thereof. In the context of software, the operations represent computer-executable instructions stored on one or more computer-readable media that, when executed by one or more processors, enable the one or more processors to perform the recited operations. Generally, computer-executable instructions include routines, programs, objects, modules, components, data structures, and the like that perform particular functions or implement particular abstract data types. The order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be executed in any order, combined in any order, subdivided into multiple sub-operations, and/or executed in parallel to implement the described processes. The described processes can be performed by resources associated with one or more device(s) such as one or more internal or external CPUs or GPUs, and/or one or more pieces of hardware logic such as FPGAs, DSPs, or other types of accelerators.
[00119] All of the methods and processes described above may be embodied in, and fully automated via, software code modules executed by one or more general purpose computers or processors. The code modules may be stored in any type of computer-readable storage medium or other computer storage device. Some or all of the methods may alternatively be embodied in specialized computer hardware.
[00120] Conditional language such as, among others, "can," "could," "might" or "may," unless specifically stated otherwise, are understood within the context to present that certain examples include, while other examples do not include, certain features, elements and/or steps. Thus, such conditional language is not generally intended to imply that certain features, elements and/or steps are in any way required for one or more examples or that one or more examples necessarily include logic for deciding, with or without user input or prompting, whether certain features, elements and/or steps are included or are to be performed in any particular example. Conjunctive language such as the phrase “at least one of X, Y or Z,” unless specifically stated otherwise, is to be understood to present that an item, term, etc. may be either X, Y, or Z, or a combination thereof.
[00121] Any routine descriptions, elements or blocks in the flow diagrams described herein and/or depicted in the attached figures should be understood as potentially representing modules, segments, or portions of code that include one or more executable instructions for implementing specific logical functions or elements in the routine. Alternate implementations are included within the scope of the examples described herein in which elements or functions may be deleted, or executed out of order from that shown or discussed, including substantially synchronously or in reverse order, depending on the functionality involved as would be understood by those skilled in the art. It should be emphasized that many variations and modifications may be made to the above-described examples, the elements of which are to be understood as being among other acceptable examples. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.
[00122] Furthermore, the description of the different examples of implementations has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the examples in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. Further, different examples of implementations may provide different features as compared to other desirable examples. The example, or examples, selected are chosen and described in order to best explain the principles of the examples, the practical application, and to enable others of ordinary skill in the art to understand the disclosure for various examples with various modifications as are suited to the particular use contemplated.
[00123] It will also be understood that various aspects or details of the invention may be changed without departing from the scope of the invention. It is not exhaustive and does not limit the claimed inventions to the precise form disclosed. Furthermore, the foregoing description is for the purpose of illustration only, and not for the purpose of limitation. Modifications and variations are possible in light of the above description or may be acquired from practicing the invention. The claims and their equivalents define the scope of the invention.
[00124] In some alternative examples of implementations, the function or functions noted in the blocks may occur out of the order noted in the figures. For example, in some cases, two blocks shown in succession may be executed substantially concurrently, or the blocks may sometimes be performed in the reverse order, depending upon the functionality involved. Also, other blocks may be added in addition to the illustrated blocks in a flowchart or block diagram.
[00125] The description of the different examples of implementations has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the examples in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. Further, different examples of implementations may provide different features as compared to other desirable examples. The example, or examples, selected are chosen and described in order to best explain the principles of the examples, the practical application, and to enable others of ordinary skill in the art to understand the disclosure for various examples with various modifications as are suited to the particular use contemplated.

Claims

CLAIMS What is claimed is:
1. A method for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network with a content server, the method comprising: receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; requesting the information content from the first network site with the content server; receiving, from the first network site, the information content within a first data; detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; storing the link for the external information and the inter-dependencies corresponding to the link; receiving the external information from the third-party entity; modifying the information content with the external information to produce a modified information content; transmitting the modified information content to the computing device; and generating a request map that includes the stored link and corresponding inter-dependencies.
2. The method of claim 1, wherein the first network site is a publisher.
3. The method of claim 2, wherein receiving the request from the computing device includes receiving a domain name resolution request for the publisher and requesting the information content from the publisher includes requesting the first data.
4. The method of claim 3, wherein detecting a link for external information includes detecting if the first data has any references to the third-party entity and modifying the information content includes producing a second data by rewriting the first data to remove the references.
5. The method of claim 4, wherein rewriting the first data to remove the references includes rewriting the first data with a proxy domain content rewriting engine.
6. The method of claim 4, further including requesting the external data from the third-party entity that the reference was directed to.
7. The method of claim 6, wherein modifying the information content with the external information includes modifying the information content with the second data and external information to produce the modified information content.
8. The content server of claim 6, further including cleansing the request for external data from the third-party entity to produce a cleansed user data, wherein cleansing the request includes removing sensitive and/or private data from an end-user, and wherein requesting the external data from the third-party entity includes transmitting the cleansed user data to the third-party entity.
9. A content server for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network, the content server comprising: one or more processing units; a computer-readable media storing instructions that, when executed by the one or more processing units, cause the content server to perform operations comprising: receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; requesting the information content from the first network site with the content server; receiving, from the first network site, the information content within a first data; detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; storing the link for the external information and the inter-dependencies corresponding to the link; receiving the external information from the third-party entity; modifying the information content with the external information to produce a modified information content; transmitting the modified information content to the computing device; and generating a request map that includes the stored link and corresponding inter-dependencies.
10. The content server of claim 9, wherein the first network site is a publisher.
11. The content server of claim 10, wherein the content server is a proxy server having one or more servers acting as an intermediary between the computing device, the publisher, and the third-party entity.
12. The content server of claim 11, further including a first server configured to receive the request from the computing device, wherein the request includes a request for a domain name resolution for the publisher and to request the information content from the publisher, wherein the request for the information content includes requesting the first data.
13. The content server of claim 12, further including a second server configured to receive, from the publisher, the first data, detect the link for external information, wherein detecting the link for external information within the information content includes detecting if the first data has any references to the third-party entity, and producing a second data by rewriting the first data to modify the references, wherein modifying the information content includes producing the second data, wherein modifying the references includes rewriting the references to the content server, wherein the content server is configured to act as a proxy server for the publisher.
14. The content server of claim 13, wherein rewriting the first data to modify the references includes rewriting the first data with a proxy domain content rewriting engine.
15. The content server of claim 14, further including a third server configured to request the external data from the third-party entity that the reference was directed to.
16. The content server of claim 15, wherein the third server is further configured to modifying the information content with the second data and the external information to produce the modified information content and transmit the modified information content to the computing device.
17. The content server of claim 16, wherein the third server is further configured to cleanse the request for external data from the third-party entity to produce a cleansed user data, wherein cleansing the request includes removing sensitive and/or private data from an end-user, and wherein requesting the external data from the third-party entity includes transmitting the cleansed user data to the third-party entity.
18. The content server of claim 17, further including a javascript execution engine, and a machine-learning module.
19. The content server of claim 17, wherein the content server is configured to stop, block, or both, unwanted interactions with third-party entities that are malware third-party entities, competitive third-party entities, or both.
20. A content server for mapping a plurality of third-party entities and their inter-dependencies for information content accessed by a computing device over a public network, the content server comprising: means for receiving, as an intermediary, with the content server a request from the computing device for the information content from a first network site of one or more network sites in signal communication with the public network; means for requesting the information content from the first network site with the content server; means for receiving, from the first network site, the information content within a first data; means for detecting a link for external information within the information content, wherein the external information is located on a third-party entity of the plurality of third-party entities; means for storing the link for the external information and the inter-dependencies corresponding to the link; means for receiving the external information from the third-party entity; means for modifying the information content with the external information to produce a modified information content; means for transmitting the modified information content to the computing device; and means for generating a request map that includes the stored link and corresponding inter-dependencies.
21. The content server 1, wherein the first network site is a publisher, means for receiving the request from the computing device includes means for receiving a domain name resolution request for the publisher and means for requesting the information content from the publisher includes means for requesting the first data, means for detecting a link for external information includes means for detecting if the first data has any redirects to the third-party entity, and means for modifying the information content includes means for producing a second data by rewriting the first data to remove the redirects.
PCT/US2020/052420 2018-09-24 2020-09-24 Content server for mapping a plurality of third-party entities and their interdependencies WO2021061933A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CA3116035A CA3116035A1 (en) 2019-09-24 2020-09-24 Content server for mapping a plurality of third-party entities and their interdependencies
EP20868102.3A EP3857857A4 (en) 2019-09-24 2020-09-24 Content server for mapping a plurality of third-party entities and their interdependencies
US17/210,451 US20210211412A1 (en) 2018-09-24 2021-03-23 Virtual private network environment for application unification over a public network
US17/210,441 US20210211403A1 (en) 2019-09-24 2021-03-23 Content server for providing application unification for public network applications

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US201962905351P 2019-09-24 2019-09-24
USPCT/US2019/052793 2019-09-24
US62/905,351 2019-09-24
USPCT/US2019/052791 2019-09-24
PCT/US2019/052793 WO2020068875A1 (en) 2018-09-24 2019-09-24 Virtual private network environment for application unification over a public network
PCT/US2019/052791 WO2020068874A1 (en) 2018-09-24 2019-09-24 Content server for providing application unification for public network applications

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US16/816,170 Continuation-In-Part US20220020066A1 (en) 2018-09-24 2020-03-11 Content server for managing media data between publishers, third-party networks, and a computing device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/052793 Continuation-In-Part WO2020068875A1 (en) 2018-09-24 2019-09-24 Virtual private network environment for application unification over a public network

Publications (1)

Publication Number Publication Date
WO2021061933A1 true WO2021061933A1 (en) 2021-04-01

Family

ID=75166135

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/052420 WO2021061933A1 (en) 2018-09-24 2020-09-24 Content server for mapping a plurality of third-party entities and their interdependencies

Country Status (3)

Country Link
EP (1) EP3857857A4 (en)
CA (1) CA3116035A1 (en)
WO (1) WO2021061933A1 (en)

Also Published As

Publication number Publication date
EP3857857A1 (en) 2021-08-04
EP3857857A4 (en) 2021-11-17
CA3116035A1 (en) 2021-04-01

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 3116035

Country of ref document: CA

ENP Entry into the national phase

Ref document number: 2020868102

Country of ref document: EP

Effective date: 20210426

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20868102

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE