What does using the Google Fonts Web API mean for the privacy of my users?
The Google Fonts API is designed to limit the collection, storage, and use of end-user data to only what is needed to serve fonts efficiently. The use of the Google Fonts Web API is unauthenticated and the Google Fonts API does not set or log cookies. Requests to the Google Fonts Web API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. Font requests are separate from and don't contain any credentials sent to google.com while using other Google services that are authenticated, such as Gmail.
When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors and why?
When end users visit a website that embeds Google Fonts, their browsers send HTTP requests to the Google Fonts Web API. The Google Fonts Web API serves the Google Fonts Cascading Style Sheets (CSS) and subsequently the font files specified in the CCS to the users. Such HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) HTTP headers including the user agent describing the website visitors’ Internet browser and operating system versions as well as the referer (i.e. the webpage on which the Google font is to be displayed).
IP addresses are not logged or stored on Google’s servers and are not analyzed for any purpose. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer). Access to this data is limited and tightly controlled. The requested URL identifies the set of font families for which the user wishes to load fonts, and this data is logged so that we can determine how often particular font families are requested. The Google Fonts Web API requires the user agent to customize the font it generates for the particular type of web browser used. The user agent is logged primarily for debugging purposes and used to generate aggregate usage statistics to measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts analytics page. Lastly, the referrer is logged so that the data can be used for production maintenance and to generate an aggregate report on the top integrations based on the number of font requests.
For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.
When I embed Google Fonts in my website via the Google Fonts Web API, does Google log or store the IP addresses of my website visitors?
When end users visit a website that embeds Google Fonts via the Google Fonts Web API, Google‘s servers receive the IP addresses of the users as a part of the network connection between Google and the user. Google does not log or store the IP addresses and immediately deletes them after transmitting the font to the requesting user.
When I embed Google Fonts in my website via the Google Fonts Web API, why does Google receive the IP address of my website visitors?
The Internet Protocol requires IP addresses to transfer data via the Internet between a given client (i.e. browser) and a given server. This is why every client request to any server contains the client’s IP address so that the server can respond to that IP address. Accordingly, the fact that Google’s servers necessarily receive IP addresses to transmit fonts is not unique to Google and is consistent with how the Internet works.
Can I embed Google Fonts in my website without sending end-user data to Google’s servers?
Instead of fetching fonts from Google servers, a developer may self-host web fonts on their website locally by downloading the fonts and uploading them to their server. When a font is loaded from the website operator’s servers, Google does not receive any kind of data related to the visits to the website. However, there are several drawbacks to self-hosting Google Fonts (see below).
For more information about self-hosting Google Fonts, read Self-host web fonts quick guide.
What are the advantages of embedding Google Fonts in my website via the Google Fonts Web API?
There are several advantages for both developers and end-users to hosting web fonts on Google’s servers. Google Fonts makes it easy to bring personality and performance to websites and other digital products. It has come a long way from its original value proposition—to make the web faster by allowing your browser to cache commonly used fonts across all the websites that used the API. This is no longer true, but the API still provides additional and important optimizations so that websites load quickly and the fonts work well.
Using the code generated by Google Fonts, our servers will automatically send the smallest possible file to every user based on the technologies that their browser supports. For example, we use WOFF 2.0 compression when available. This can reduce font size by up to 99.9 % and makes the web faster for all users—particularly in areas where bandwidth and connectivity are an issue. The icon sets that are delivered by Google Fonts benefit from the same infrastructure.
Notably, there are also several drawbacks to self-hosting Google Fonts. First, the download size of the font file will increase because the developer will download the entire font file, as opposed to pieces of it, which is the case when the Google Fonts Web API delivers fonts. Second, there is no way to ensure a self-hosted font will be compatible with all browsers. In contrast, the Google Fonts Web API automatically delivers fonts tailored to the user’s specific browser and includes fixes for browser specific issues, the optimal font format, and size optimizations specific to the user’s browser. Lastly, developers must manually update self-hosted fonts, as compared to the Google Fonts Web API, which automatically delivers updates to fonts with no action needed by the developer.
For more information about the benefits of using the Google Fonts Web API, read An API for fast beautiful web fonts.