No, if they’re security conscious, then it may mean they only did a request that scanned the HTML for a <title> tag. That means one WGET call, but a far cry from a standard definition of “visiting” in which your device’s JS parser starts running their unknown code and page instructions.
Sure, we can split hairs about the definition of “visiting” a site. But like your wget example, at the very least the server gets your ip address. Then possibly a user agent string. Maybe follows a redirect. Maybe cookies. A lot of that depends on how secure and privacy oriented the http client is. And all that can happen without rendering a full html DOM, or executing js code.
No, if they’re security conscious, then it may mean they only did a request that scanned the HTML for a <title> tag. That means one WGET call, but a far cry from a standard definition of “visiting” in which your device’s JS parser starts running their unknown code and page instructions.
Sure, we can split hairs about the definition of “visiting” a site. But like your wget example, at the very least the server gets your ip address. Then possibly a user agent string. Maybe follows a redirect. Maybe cookies. A lot of that depends on how secure and privacy oriented the http client is. And all that can happen without rendering a full html DOM, or executing js code.
So put the injection into the title? Got it