What is segment test key and segment prod key?
Posted in BugBounty Discussion by @katsuragicsl
When I was finding bugs on a bug bounty program (no money reward), I found that one of the in-scope webpage has left so much information in their source code, I wonder what does the following mean:
Should they be kept in secret (and worth to report) or just some random text?
I have googled for "segment keys", "test key", "googletag key" and related keywords and I found nothing useful. Anyone got some ideas?
With names like that, especially within a block managed by Google Tag Manager, I'd expect them to be indicators used for marketing purpose. Normally in this context the "segment" is a segment of a mailing list (or similar) that's been targeted, it could be that only users identified as being in a certain 'segment' get that version of the page.
Usually those keys are designed to be read by a third party websites/services (i.e. google Analytics) often to help deliver customised content for marketing purposes.