What is segment test key and segment prod key?
Posted in BugBounty Discussion by @katsuragicsl




katsuragicsl

Researcher

When I was finding bugs on a bug bounty program (no money reward), I found that one of the in-scope webpage has left so much information in their source code, I wonder what does the following mean:

https://imgur.com/IzvAlF9

Should they be kept in secret (and worth to report) or just some random text?

I have googled for "segment keys", "test key", "googletag key" and related keywords and I found nothing useful. Anyone got some ideas?


Posted on 2018-11-13



glennpegden

Researcher

Generally not.

With names like that, especially within a block managed by Google Tag Manager, I'd expect them to be indicators used for marketing purpose. Normally in this context the "segment" is a segment of a mailing list (or similar) that's been targeted, it could be that only users identified as being in a certain 'segment' get that version of the page.

Usually those keys are designed to be read by a third party websites/services (i.e. google Analytics) often to help deliver customised content for marketing purposes.

https://en.wikipedia.org/wiki/Google_Tag_Manager https://trackmaven.com/marketing-dictionary/market-segmentation/


Posted on 2018-11-13 at 12:55:16pm (GMT)