Authenticating Beacon Calls from Websites
Most sites nowadays track tracking beacons (ComScore, Nielsen) to track various metrics like pageviews, clicks, number of users, etc. When such a beacon reaches the ComScore server, how does the server know which page produced the beacon?
For example, suppose a person has two sites nice.com
and badsite.com
. The site nice.com
contains good content, but traffic to the site is very low. On the other hand, it badsite.com
contains adult pirated content and is very popular. Now the person wants to show a bloated pageview for his site nice.com
, so he deploys the javascript code to badsite.com
. This malicious JS snippet pushes the ComScore beacon and provides an identifier as nice.com
.
My question is, how does ComScore or Alexa prevent these scams? Is there an HTTP header or any other attribute present in the call that the tracking server can use to authenticate this beacon was actually started from nice.com
?
source to share
No one has answered this question yet
Check out similar questions: