Client Code (Web SDK) - Security & Reliability

With ForeSee code hosted remotely in the cloud, we take the responsibility of providing a secure and reliable delivery network seriously. In addition, we go to great lengths to ensure that, in the course of delivering functionality to your website, we don’t negatively impact site performance. This is an overview of some of the topics we’ve addressed in our approach to ensuring both the security and reliability of our hosted JavaScript for our ForeSee products.

Resource Availability

All ForeSee client code is hosted in our high-availability CDN, backed by Fastly, whose customers include the likes of Twitter, Guardian UK, GitHub, AddThis, Wikia, Shazam, Wanelo, and Yammer. By partnering with a recognized industry leader, we’re able to provide microsecond time-to-first-byte.

In addition to being on a robust network, we’ve also adopted an architecture that minimizes the potential impact of an outage of our resources on your website. ForeSee gateway code is inserted asynchronously onto the page, meaning that even if the origin server were unreachable or slow, this would have zero impact on page performance. In other words, even in the unlikely worst-case scenario where ForeSee content is temporarily unreachable, this has virtually no impact on your website other than the ForeSee features being unavailable during the outage.

Third-Party Cookies

ForeSee uses what are called third-party cookies to keep track of users across their experience. Cookies are just text files that reside in the browser of the visitor to the website. The difference between first-party and third-party cookies depends on who has the right to access the information inside the cookie. A first-party cookie can only be read by the owner of the site who created it. A third-party cookie can only be read by the external vendor who has a presence on the site. Since ForeSee is an external vendor, our cookies are defined as third-party.

Historically, there has been industry scrutiny on cookies, specifically as they relate to privacy and ownership of information. ForeSee uses cookies to determine things like whether a user is new or returning, how many pages they’ve visited, etc. because these are inputs into the triggering logic for survey invitations. This is an important part of our service and a necessary tool in our toolbox.

In situations where clients cannot allow third-party cookies on their sites, they do have the option of hosting the code themselves and using only first-party cookies. Ask your ForeSee representative to learn more about this option.

Use of JSON

ForeSee uses the JavaScript Object Notation (JSON) format to encode and store information. These JSON objects can appear in our cookie, be transmitted to and persisted on our servers, or be stored in another persistence format. To deserialize JSON strings, ForeSee uses the browser-native JSON.parse() function and does not use eval. The difference between the two is important: JSON.parse only parses information and does not expose users to script-injection attacks. The eval approach, on the other hand, parses the data by executing it as part of a script, which can open up security vulnerabilities.
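
The difference described above, as an added example on constructed cookie values (this is not ForeSee's own code). The field names `visits` and `returning` and both function names are assumptions made for illustration; the shape check after parsing goes one step beyond the text, since JSON.parse guarantees syntax only.

```javascript
// Constructed sample cookie values (not real ForeSee cookie contents).
const benignCookie = encodeURIComponent('{"visits":3,"returning":true}');
// Tampered value: a valid JavaScript expression, but not valid JSON.
const tamperedCookie =
  encodeURIComponent('(globalThis.__tampered = true, {"visits":1})');

// Pattern the page says is NOT used: eval runs the stored string as script,
// so anything that can write the cookie can run code in the page.
function parseWithEval(raw) {
  return eval('(' + decodeURIComponent(raw) + ')');
}

// Pattern the page describes: JSON.parse accepts only JSON grammar and
// never executes its input. Returns null for anything unusable.
function parseState(raw) {
  let data;
  try {
    data = JSON.parse(decodeURIComponent(raw));
  } catch (err) {
    return null; // malformed percent-encoding or non-JSON content
  }
  // Syntax is now known to be JSON; the shape still has to be checked.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return null;
  }
  if (!Number.isInteger(data.visits) || data.visits < 0) return null;
  if (typeof data.returning !== 'boolean') return null;
  // Copy only the expected fields so unexpected keys are dropped.
  return { visits: data.visits, returning: data.returning };
}

console.log(parseState(benignCookie));   // parsed state object
console.log(parseState(tamperedCookie)); // null, nothing was executed
```
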

Encryption

For pages on your site that use SSL encryption, ForeSee provides end-to-end 128-bit encryption of all hosted resources using TLS 1.2.

Emergency Support

Clients may call (877) 224-9282 during normal business hours (Eastern time) or email support@ForeSee.com.
