The way I understand this, any visitor of my website can get hold of the heap application id that my website is using and then integrate it in their website by simply replacing the heap id placeholder in the common heap installation code that we paste in index.html. Is this a possible scenario? If yes, how to prevent a malicious visitor from polluting my heap applications’ data by misusing the id this way (e.g. whitelisting domains)?
Best answer by DJ East
View original