Solved

Can someone misuse my heap application id in their own application/website?


Userlevel 1
Badge

The way I understand this, any visitor of my website can get hold of the heap application id that my website is using and then integrate it in their website by simply replacing the heap id placeholder in the common heap installation code that we paste in index.html.  Is this a possible scenario? If yes, how to prevent a malicious visitor from polluting my heap applications’ data by misusing the id this way (e.g. whitelisting domains)?

 

icon

Best answer by DJ East 9 May 2023, 16:13

View original

3 replies

Userlevel 2
Badge +1

While this is technically possible with any digital analytics solution, including Heap, it is very rare in my experience. This is both because there is no benefit to the malicious actor (even though they are sending data to your account, they cannot access your account to view the analytics) and because it is easily detectable (these hits would come from a distinct domain, which would allow us to quickly clear the bad data and if needed block the domain on our end).

Userlevel 1
Badge

Thanks for the response. I do not see a Domain Whitelisting / Blacklisting feature on my Heap dashboard. Is that something not available for the free account?

Userlevel 3
Badge +3

Thanks for the response. I do not see a Domain Whitelisting / Blacklisting feature on my Heap dashboard. Is that something not available for the free account?

Hi @Gokul_Panda, please see this doc on Capture Controls, which applies to all accounts. 

Reply