Skip to main content
All guides
Moderate KVKK m.9 · GDPR Chapter V (transfers) · CDN

Self-host Google Fonts to stop leaking visitor IPs

Loading fonts from fonts.googleapis.com sends every visitor’s IP address to Google on page load — a cross-border transfer that happens before consent and cannot be consented to for an essential asset.

Why it matters

A German court (the "Google Fonts" ruling) found that transmitting a visitor’s IP to Google via hosted fonts, without consent, was an unlawful transfer. Fonts are essential to rendering, so the fix is not a consent banner — it is to stop the transfer entirely by hosting them yourself.

How to fix it

Download the font files, serve them from your own domain, and declare them with @font-face. No third-party request, no IP transfer, and usually faster too.

/* Self-hosted — no request to Google */
@font-face {
  font-family: 'Inter';
  src: url('/fonts/inter-var.woff2') format('woff2');
  font-display: swap;
}

/* Remove any <link href="https://fonts.googleapis.com/..."> */

Does your site have this issue?

Run a free scan to find out in seconds.

Official sources

Links to primary legislation for reference. PrivaScan is not affiliated with these bodies; this is information, not legal advice.

Related guides

These guides cover automated checks for trackers, cookies and data flows. A full privacy review also needs legal input.