Some of the largest websites on the Internet use third-party software to track everything you do on their sites - including what you type, click, and scroll through.

A study by Princeton researchers revealed that over 400 of the world's most popular websites use the equivalent of hacking tools to spy on you without your knowledge or consent.

The research investigated the use of session replay scripts from third-party companies, which track what exactly users do while browsing, on some of the Web's top sites.

Among top retail offenders recording your every move are Costco, Gap.com, Crate and Barrel, Old Navy, Toys R Us, Fandango, Adidas, Boots, Neiman Marcus, Nintendo, Nest, the Disney Store, and Petco. After publication of the study, Bonobos and Walgreens said they would stop using session replay scripts.

Tech and security websites spying on users include HP.com, Norton, Lenovo, Intel Autodesk, Windows, Kaspersky, Redhat.com, ESET.com, WP Engine, Logitech, Crunchbase, HPE.com (Hewlett Packard Enterprise), Akamai, Symantec, Comodo.com, and MongoDB.

Other sites you might recognize that are also using active session recording are RT.com, Xfinity, T-Mobile, Comcast, Sputnik News, iStockphoto, IHG (InterContinental Hotels), British Airways, NatWest, Western Union, FlyFrontier.com, Spreadshirt, Deseret News, Bose, and Chevrolet.com.

This is not what you probably know about basic website tracking - page views, searches - in order to make internet ads more targetted and efficient.

These sites are capturing everything you type, mouse over, and click on - sort of like a keylogger. The software is capable of tracking a great deal of information and because third parties have access to that information.

"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior," the researchers from Princeton University reported.

As the researchers also pointed out, this sort of playback software is "like somebody looking over your shoulder," while you're online. Watch the video below to learn more about how it works.

With that sort of recording also comes additional information that, if eaked, could be dangerous indeed. The research noted that this software has the ability to record passwords entered, capture sensitive data such as credit card numbers and dates of birth, and record data input into text boxes, even if that data isn?t submitted to the site.