ForeSee Hosted Code - Security & Reliability

With ForeSee code hosted remotely in the cloud, we take seriously the responsibility of providing a secure and reliable delivery network. In addition, we go to great pains to ensure that in the course of delivering functionality to your website, we don’t negatively impact site performance. This is an overview of some of the topics we’ve addressed in our approach to ensuring both the security and reliability of our hosted JavaScript for our ForeSee, Webcollage, and ResellerRatings product families.

Resource Availability

All ForeSee client code is hosted in our high-availability CDN, backed by Fastly. Their customers include the likes of Twitter, Guardian UK, GitHub, AddThis, Wikia, Shazam, Wanelo, and Yammer. By partnering with a recognized industry-leader, we’re able to provide microsecond time-to-first-byte times.

In addition to being on a robust network, we’ve also adopted an architecture that minimizes the potential impact of an outage of our resources on your website. ForeSee gateway code is inserted asynchronously onto the page, meaning that even if the origin server was unreachable or slow, this would have zero impact on page performance. In other words, even in the unlikely worst-case scenario where ForeSee content is temporarily unreachable, this will have virtually no impact on your website other than not providing the ForeSee features during the outage.

3rd Party Cookies

ForeSee uses what are called 3rd party cookies to keep track of users across their experience. Cookies are just text files that reside on the browser of the visitor to the website. The difference between 1st and 3rd party cookies is who has the right to access the information inside the cookie. A 1st party cookie can only be read by the owner of the site who created it. A 3rd party cookie can only be read by the external vendor who has a presence on the site. Since ForeSee is an external vendor, our cookies are defined as 3rd party.

Historically, there has been industry scrutiny on cookies, specifically as they relate to privacy and ownership of information. ForeSee uses cookies to determine things like whether a user is new or returning, how many pages they’ve visited, etc. because these are inputs into the triggering logic for survey invitations. This is an important part of our service and a necessary tool in our toolbox.

In situations where clients cannot allow 3rd party cookies on their sites, they do have the option of hosting the code themselves, and using only 1st party cookies. Ask your ForeSee representative to learn more about this option.

Use of JSON

ForeSee uses Javascript Object Notation (JSON) format to encode and store information. These JSON objects can appear in our cookie, be transmitted and persisted on our servers, or in another persistence format. To parse JSON, Foresee uses the browser-native JSON.parse() function to deserialize JSON strings and does not use eval. The difference between the two is important as JSON.parse only parses information, and does not expose users to script-injection attacks. The eval approach, on the other hand, parses the data by executing it as part of a script, which can open up security vulnerabilities.

Encryption

For pages on your site that use SSL encryption, ForeSee provides end-to-end 128-bit encryption of all hosted resources using TLS 1.2.

Emergency Support

Clients may call (877) 224-9282 during normal business hours (Eastern time) or email support@ForeSee.com

Other articles in this section:

  1. Security & Reliability (current article)
  2. Deployment Options
  3. The Embed Snippet
  4. Self Hosting Code
  5. Calling API Methods