1

Basically, this third-party application is using data from my website to fetch data and load into there application.

The scenario is this application has an internal login page on which end user insert my website credentials & this application fetch and load the data. I don't want to happen that.

  1. I want to restrict this application also it is opening the entire page in WebView in another link.

  2. Some of the requests are going with X-Requested-With Header what it means?

Can CORS Headers, Domain Headers or any security implementation we can try to mitigate this

Jasurbek
  • 2,946
  • 3
  • 20
  • 37
Tech2K
  • 11
  • 2
  • what's the `UserAgent:` for the offending apps? maybe you can filter by that field – lenik Jul 03 '19 at 08:12
  • @lenik is it only restrict those or all android browsers. ? – Tech2K Jul 03 '19 at 09:24
  • You can't. Any competent hacker will be able to easily get around any gimmick that tries to block based upon operating system of the source. – TheGreatContini Jul 03 '19 at 10:05
  • Possible duplicate of [How to prevent arbitrary client apps from using anonymous web API?](https://stackoverflow.com/q/5333368/608639), [How to block a specific App from accessing my website](https://stackoverflow.com/q/39669951/608639), [How can I block all mobile phones from accessing my website](https://stackoverflow.com/q/15932775/608639), [How to restrict access to some public websites](https://stackoverflow.com/q/44357371/608639), [How to limit web site access to USA or North America only](https://stackoverflow.com/q/2111246/608639), etc. – jww Jul 03 '19 at 16:59

0 Answers0