Non tracking HubSpot subdomains being blocked as trackers

[arcaderivalry]

What is broken and where?

Test page:
https://info.iamtom.xyz/badgertest?hs_preview=QCSBCXjf-30914306987

What is the "culprit" domain?

api.hubspot.com
app.hubspot.com
forms.hubspot.com
no-cache.hubspot.com

The above domains all appear to have been blocked by privacy badger as trackers. At the moment we use these to provide embedded services to customers.

• We use track.hubspot.com for our analytics services so this is a tracking domain and I would expect this to be blocked.
• app.hubspot.com is used for our web app where customers can create/edit their content.
• no-cache.hubspot.com is used to serve embedded images on a page and does not track visitors.
• forms.hubspot.com is used to render web forms on a page. This would not track visitors without the analytics scripts running so is not a tracking script.
• api.hubspot.com is used for posting form payloads to our service, it would not track visitors through this domain.

Would it be possible to add these domains to an allowlist to ensure they content our customers are embedding on their page which are not tracking visitors can render correctly?

What is your debug output for this domain?

debug output

**** ACTION_MAP for hubspot.com
hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 0
}
no-cache.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1592879256868
}
app.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1592888679115
}
cta-service-cms2.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1592831641468
}
api.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1592720298837
}
forms.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1592871216673
}
track.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1593029931615
}
exceptions.hubspot.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1592785103170
}
**** SNITCH_MAP for hubspot.com
hubspot.com [
  "surveymonkey.com",
  "freepik.com",
  "trello.com"
]

Thanks so much for the help!

[ghostwords]

Hello and thanks for getting in touch!

If the api/app/forms/no-cache subdomains of hubspot.com do not actually track users, they may be compliant with the EFF Do Not Track policy. If HubSpot posted EFF's DNT policy on each compliant subdomain, it will tell Privacy Badgers to always allow resources from those subdomains. Let me know how this sounds.

Previously: #1681

[arcaderivalry]

Thanks for following up ghostwords. I'm working with our internal teams here to go through our next steps.

[ghostwords]

Let me know if you run into any issues.