The way I understand this, any visitor of my website can get hold of the heap application id that my website is using and then integrate it in their website by simply replacing the heap id placeholder in the common heap installation code that we paste in index.html. Is this a possible scenario? If yes, how to prevent a malicious visitor from polluting my heap applications’ data by misusing the id this way (e.g. whitelisting domains)?
Best answer by DJ East
View original
+1
While this is technically possible with any digital analytics solution, including Heap, it is very rare in my experience. This is both because there is no benefit to the malicious actor (even though they are sending data to your account, they cannot access your account to view the analytics) and because it is easily detectable (these hits would come from a distinct domain, which would allow us to quickly clear the bad data and if needed block the domain on our end).
Thanks for the response. I do not see a Domain Whitelisting / Blacklisting feature on my Heap dashboard. Is that something not available for the free account?
+3
Thanks for the response. I do not see a Domain Whitelisting / Blacklisting feature on my Heap dashboard. Is that something not available for the free account?
Hi
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
