3/25/2020 Tag Obfuscation and Ad-blocker Avoidance

Tag Obfuscation and Ad-blocker Avoidance

Tag Obfuscation and Ad-blocker Avoidance
In addition to Enhanced Profiling via Self-Hosted SSL, it is possible to obfuscate the URIs used to host the ThreatMetrix profiling scripts.
This approach is recommended to provide protection from ad-blockers that may hinder the profiling process by blacklisting profiling
URLs.

Installing the snippet and invoking profiling

info Please note that this toolkit is updated from time to time and customers are recommended to download the latest version.

Latest Release: fp-clientlib-v3.js (Version 3)

Release Date: February 21, 2019

Download the latest version: Click here.

1. Download the toolkit. Please note that the location of the file has changed from cloudfront which will no longer be
updated. Customers should migrate to the new version of the library and are advised to host this JS file on their own
websites.
2. Rename the downloaded file to something unique. E.g. asdfghjkl.js
3. Place the renamed file in a publicly accessible location on your web server. You may rename this file to any description you see
fit. 
4. Include a reference to the toolkit on the page you wish to have profiled:

<script type="text/javascript" src="path/to/toolkit.js"></script>

https://kb.threatmetrix.com/index.php?View=print&EntryID=1700 1/3
3/25/2020 Tag Obfuscation and Ad-blocker Avoidance

5. Trigger profiling asynchronously by calling it in a script on your page and including appropriate parameters: 

Please ensure that the function 'threatmetrix.profile' is renamed; this function is part of the toolkit customers download when
implementing tag obfuscation and should be renamed or randomized so that it does not call attention to the fact that ThreatMetrix is
being used.

1. <script type="text/javascript">threatmetrix.profile(profiling_domain, org_id, session_id, page_id);</script>

Substitute profiling_domain, org_id, session_id, and optionally page_id with appropriate parameters.
Note that you will need to generate session_id on your server-side in order to reference the session-query from your back end.
Profiling domain will be "h.online-metrix.net" if you have not setup Enhanced Profiling via self-hosted SSL.

For example:

<script type="text/javascript">threatmetrix.profile("h.online-metrix.net", "abcd1234",

"01f50c4d1430a620a3b50005ffe98541");</script>

Example (JSP)
An example of how the client toolkit could be used on a single-page JSP application would involve:

<head>
<script type="text/javascript" src="path/to/toolkit.js"/>
<!-- other head content -->
<head>
<body>
<script type="text/javascript">
var session_id = <%=generateSessionId()%>;
threatmetrix.profile("<profiling_domain>", "<org_id>", session_id);
</script>
<noscript>

https://kb.threatmetrix.com/index.php?View=print&EntryID=1700 2/3
3/25/2020 Tag Obfuscation and Ad-blocker Avoidance

<iframe style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;" src="<profiling
doman>/fp/tags?org_id=<org_id>&session_id=<session_id>"></iframe>
</noscript>
</body>

Article ID: 1700

Last updated: 26 Feb, 2020
Revision: 17
Implementation -> Profiling -> Tag Obfuscation and Ad-blocker Avoidance
https://kb.threatmetrix.com/index.php?View=entry&EntryID=1700

https://kb.threatmetrix.com/index.php?View=print&EntryID=1700 3/3