Cross site tracker blocked - Filename heatmap.js

We run an internal web application that loads a lot of JS files including a file named heatmap.js. When the page loads, brave browser complains that Cross-Site tracker blocked and marks this file. Everything else loads fine.

  1. We tried emptying out the file and loading the page - same issue - Brave complains again
  2. We renamed the file to hm.js and left the original contents in there - No issue - Brave is fine

Is there a known issue about the filename heatmap.js?

Hi,

Heatmap scripts are known as trackers, because of “heatmaps” are used by tracking mouse movements/actions on websites. Which are blocked by default, but renaming the filename to something different will get around the block.

What is the use of heatmap on your side?

1 Like

It’s simply creating a heatmap graph. This is in no way tracking any actions/movements.

Just renaming the filename might be easier here, if it is an option?

These files are downloaded by dependency managers and are simply included by devs.

But why would you code something like this based on a file name?

See this;

https://www.google.com/search?q=heatmap+tracking&oq=heatmap+tracking

Its a common filename for tracking users which is why its blocked.

But my friend heatmap is also used for a lot of other positive use cases. Reporting apps or other enterprise apps (like ours) might be showing genuine data to their users via heatmaps.

I think the correct way to block a tracker would be to first understand what the tracker does. And block that tracker if you see the symptoms instead of doing this based on filenames.

Do you have the logic of what constitutes tracking?

If there is a false positive, gimme a site example and it could be whitelist.

We’ve had reports previously; but nothing recently.

https://forums.lanik.us/viewtopic.php?f=64&t=28388&p=87417
https://forums.lanik.us/viewtopic.php?f=64&t=27243&p=86621
https://forums.lanik.us/viewtopic.php?f=64&t=34441&p=109319

Ours is an internal app that our customers install in their networks. So there’s no one name I can give you to whitelist.

In that case, just disable site-trackers on the internal site, once we’ve fixed a bug with brave://adblock it should be easier to just whitelist the specific script

1 Like