Does the web browser see litres metrics when you pay via iframe payonline, card data?

N

newbot2015-10-13 10:53:48

Information Security

newbot, 2015-10-13 10:53:48

Recently, when buying a book on litres.ru, I noticed that I fill out the card data on a page that did not come via the https protocol.
I looked a little deeper - the payonline payment window opens through an iframe and the data seems to be sent via https.
I was surprised by something else, namely the metric with the webvisor enabled.
Do I understand correctly that in Yandex.Metrica, litres sees the data of all cards? If not, why not?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

DaNHell, 2016-01-20
@DaNHell

c iframe, redirect in fact.
and about the metrics .. POST request ...

Instead of a page with the result of submitting the form, the player displays an error or an invalid page. Why?
The form is probably submitting data using the POST method.
When loading data into the player, Webvisor uses only the GET method. This is due to the fact that POST requests usually lead to some action: sending an application, placing an order, etc. If the Webvisor used the POST method, it would completely emulate the visitor's actions, and every time such a page was played, you would the application was re-arrived or the order was re-placed on the site.
In order for the page with the result of submitting the form to be displayed correctly in the player, go to the Webvisor section on the counter editing page, and then enable the Record pages when viewed by a visitor option (type From browser).

N

newbot, 2016-01-20
@newbot

I have already tested it myself, the metric does not see the contents of the iframe. So there is no danger :)