Modern websites provide many benefits to religious communities. At the same time, there is a critical need for protecting users' privacy, specifically the data concerning users' religious beliefs. Focusing on the largest religious communities in Finland, we studied the extent of data leaks to third parties on their websites. Our findings from 148 websites reveal that in 56.1% of the studied websites, potentially sensitive data concerning religious affiliation inadvertently ends up in the hands of third parties such as Google and Meta. The stark majority of these websites also either do not use cookie consent banners at all, or have banners that are rife with dark patterns used to mislead the users in falsely giving their consent. This underscores the need for web developers and data protection officers to rectify privacy issues and ensure that the websites comply with regulations. Based on our findings, we also offer recommendations on how website developers should mitigate these kinds of threats to user privacy.