trieloff
commented
5 years ago To make sure that Adobe Analytics cannot send an untrusted response (which would be interpreted by the browser as a first-party response), send a synthetic 204(no content) which means that Fastly will strip away the response body, whatever it might be.
Adobe Analytics supports setting custom tracking server URLs using the
s.trackingServerSecureconfiguration property.We should enable setting this property to the current host by passing through all requests that are destined for this server using a custom backend in VCL. These request would need to be non-shielded and we can potentially generate additional logging information.