Expand my Community achievements bar.

Join us at Adobe Summit 2024 for the Coffee Break Q&A Live series, a unique opportunity to network with and learn from expert users, the Adobe product team, and Adobe partners in a small group, 30 minute AMA conversations.
SOLVED

How to restrict tracking calls from domains other than you own?

Avatar

Level 1

Since Adobe Analytics has front-end implementation, anyone can copy your tracking script or entire page source and use it on their domain. How to prevent tracking calls made from domain other than you own. May be something like not considering those calls so as to save tracking call cost and keep the data clean?

Thank you,

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Level 10

As an option you may want to populate a variable with a page URL (or hostname) and then configure a VISTA rule to filter the beacons from undesired websites. However, this will unlikely bring you a positive ROI if the key objective is to reduce the number of server calls as VISTA setup is not free, and I am not sure if filtered server calls are not counted...

If you would like to get rid of the data from undesired websites, consider creating a segment and a virtual report suite with it.

 

Best wishes,
Andrey Osadchuk | Inspect Launch Implementation, Automate Classifications & Data Sources, Essential Bookmarks

View solution in original post

8 Replies

Avatar

Correct answer by
Level 10

As an option you may want to populate a variable with a page URL (or hostname) and then configure a VISTA rule to filter the beacons from undesired websites. However, this will unlikely bring you a positive ROI if the key objective is to reduce the number of server calls as VISTA setup is not free, and I am not sure if filtered server calls are not counted...

If you would like to get rid of the data from undesired websites, consider creating a segment and a virtual report suite with it.

 

Best wishes,
Andrey Osadchuk | Inspect Launch Implementation, Automate Classifications & Data Sources, Essential Bookmarks

Avatar

Level 6

Piggy-backing off of @Andrey_Osadchuk 's answer, you could also set up your beacons to only fire on conditional events. In particular, create a condition within each rule that the domain meets the specific criteria.

 

The only drawback would be that if someone were that highly motivated to commit fraud, they could just send a ton a requests directly to Adobe's tracking server. Ultimately, you may want to look into what laws your country has to protect against fraud. For example, this would be very easy to prosecute under the United State's Computer Fraud and Abuse Act.

Avatar

Level 8

I'd go with something like this...

function checkValidDomains(host) {
  var validDomains = ['x.example.com', 'y.example.com'];
  if (!(validDomains.indexOf(host) > -1)) {
    s.abort = true;
  }
}

s.doPlugins = function (s) {
  checkValidDomains(document.location.hostname);
};

If you don't already have doPlugins set up in Launch (or your AppMeasurement.js library), it's easy to do, and if someone happens to copy and use your analytics script verbatim, you'd be covered on ALL analytics calls. No need for rule-specific conditions or anything more complicated.

Avatar

Level 6

Seems like a good solution, but doesn't hide the value of the tracking server. @Ishan_Sinha_ 's answer is the only one that completely masks all tracking activity from a client.

Avatar

Level 6

True. Might be worth taking your solution to the next level and not only aborting AppMeasurement, but also putting malicious code on the page if the domain doesn't meet the criteria.... Simple solution would be to hide everything on the page.

Avatar

Level 8
I thought about that, as well. The options there are only limited by your creativity!

Avatar

Employee Advisor

You may also want to opt for server side implementation to mitigate such concerns.