Cross site tracker blocked - Filename heatmap.js

singh · October 30, 2019, 6:01pm

We run an internal web application that loads a lot of JS files including a file named heatmap.js. When the page loads, brave browser complains that Cross-Site tracker blocked and marks this file. Everything else loads fine.

We tried emptying out the file and loading the page - same issue - Brave complains again
We renamed the file to hm.js and left the original contents in there - No issue - Brave is fine

Is there a known issue about the filename heatmap.js?

fanboynz · October 30, 2019, 7:12pm

Hi,

Heatmap scripts are known as trackers, because of “heatmaps” are used by tracking mouse movements/actions on websites. Which are blocked by default, but renaming the filename to something different will get around the block.

What is the use of heatmap on your side?

singh · October 30, 2019, 7:37pm

It’s simply creating a heatmap graph. This is in no way tracking any actions/movements.

fanboynz · October 31, 2019, 1:22am

Just renaming the filename might be easier here, if it is an option?

singh · October 31, 2019, 2:10am

These files are downloaded by dependency managers and are simply included by devs.

But why would you code something like this based on a file name?

fanboynz · October 31, 2019, 6:37am

See this;

https://www.google.com/search?q=heatmap+tracking&oq=heatmap+tracking

Its a common filename for tracking users which is why its blocked.

singh · October 31, 2019, 11:19am

But my friend heatmap is also used for a lot of other positive use cases. Reporting apps or other enterprise apps (like ours) might be showing genuine data to their users via heatmaps.

I think the correct way to block a tracker would be to first understand what the tracker does. And block that tracker if you see the symptoms instead of doing this based on filenames.

Do you have the logic of what constitutes tracking?

fanboynz · October 31, 2019, 7:01pm

If there is a false positive, gimme a site example and it could be whitelist.

We’ve had reports previously; but nothing recently.

https://forums.lanik.us/viewtopic.php?f=64&t=28388&p=87417
https://forums.lanik.us/viewtopic.php?f=64&t=27243&p=86621
https://forums.lanik.us/viewtopic.php?f=64&t=34441&p=109319

singh · October 31, 2019, 7:32pm

Ours is an internal app that our customers install in their networks. So there’s no one name I can give you to whitelist.

fanboynz · October 31, 2019, 7:41pm

In that case, just disable site-trackers on the internal site, once we’ve fixed a bug with brave://adblock it should be easier to just whitelist the specific script

system · December 30, 2019, 7:41pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[SOLVED] Brave Blocking Same-Origin Script as Cross-Site Tracker Desktop Support windows , macos	8	1554	February 16, 2020
Web developer question: why is a script blocked? Web Compatibility	4	332	January 9, 2020
Brave is blocking parts of our web application due to the file names used Web Compatibility	6	969	June 14, 2020
Cross-site tracking in Brave Shield breaking app Web Compatibility	5	1595	July 2, 2020
Dashvantage.biz embedding unblocked tracker on all visited websites Desktop Support windows	2	439	April 29, 2020
Brave Ad Blocker - Ads vs. Trackers Beta Builds	5	894	October 22, 2018
Cross-site tracking in Brave Shield Desktop Support windows	3	544	January 3, 2020
No Longer Able to See Names of Trackers Blocked in Shield Desktop Support windows	11	1799	June 16, 2022

Cross site tracker blocked - Filename heatmap.js

Related Topics