What is Crazy Egg?

Crazy Egg’s crawler bot is an automated agent used by the Crazy Egg analytics platform to fetch pages for snapshots (screenshots), heatmaps/scrollmaps, and A/B test variations. It typically honors robots.txt and is distinct from the client-side script that records user interactions.
 
Legitimate use cases
– UX and conversion optimization (heatmaps, scroll depth)
– Visual QA of page states and variants
– Pre-fetching pages for snapshot generation and reporting
– Auditing page performance and layout across templates
 
Illicit or fraud-related misuse (risks)
– User-agent spoofing as “Crazy Egg” to bypass naive bot filters
– Reconnaissance of site structure/content for scraping
– Analytics poisoning (fake page fetches skewing engagement metrics)
– Evasion of basic WAF rules and rate limits via impersonation
– Load generation to degrade availability or manipulate A/B outcomes

Why is Crazy Egg crawling my site?

Reason it’s crawling
– Your site loads the Crazy Egg script (installed by you/partner/previous agency).
– Someone added your URL to their account, triggering verification/snapshots.
– It follows public links to capture page structure for analytics/testing.
 
Potential negative impacts
– Extra crawl traffic: CPU/bandwidth/CDN egress costs; cache churn.
– Log/WAF noise; false positives in bot/scraping detections.
– Skewed web analytics (inflated pageviews, A/B test traffic).
– Possible exposure of sensitive HTML/content in captured snapshots if masking is not configured.
– Crawling of parameterized URLs may trigger non-idempotent GET endpoints.
– Strain on limited origin quotas/rate limits for APIs backing pages.

How to block Crazy Egg?

– robots.txt
User-agent: CrazyEgg
Disallow: /

– Low effort; only works if the bot honors robots.txt.
 
– User-Agent filtering
– Apache (.htaccess):
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "(?i)Crazy\s?Egg|CrazyEgg"
RewriteRule .* - [F]

– Nginx:
if ($http_user_agent ~* "Crazy\s?Egg|CrazyEgg") { return 403; }
 
– IP/ASN denylist
– Block Crazy Egg’s published IP ranges at your firewall or web server (e.g., nginx deny rules, iptables). Reduces application load.
 
– rDNS + FCrDNS validation
– Verify reverse DNS maps to a Crazy Egg domain and forward-confirmed DNS resolves back to the same IP; block mismatches to stop UA spoofing.
 
– JavaScript/cookie gate
– Serve full content only after a small JS sets a signed cookie/token; clients without JS/cookies (typical bots) receive 403 or a lightweight page.
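
The rDNS + FCrDNS check from the list above, as an added example (not code from this page or from Crazy Egg). The resolver functions are injectable so the constructed DNS table at the bottom stands in for live lookups, and the `crawler.example` suffix is a placeholder assumption for whatever reverse-DNS domain the vendor documents.

```python
import ipaddress
import re
import socket

# Assumption: placeholder suffix. Use the rDNS domain the vendor documents.
ALLOWED_SUFFIXES = ("crawler.example",)
UA_CLAIM = re.compile(r"Crazy\s?Egg", re.I)  # same claim the UA filters match

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward (A/AAAA) lookup; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def fcrdns_ok(ip, ptr=system_ptr, forward=system_forward, suffixes=ALLOWED_SUFFIXES):
    """True only if PTR(ip) is under an allowed suffix and resolves back to ip."""
    host = (ptr(ip) or "").rstrip(".").lower()
    # Compare on a label boundary: "crawler.example.evil.test" must not pass.
    if not any(host == s or host.endswith("." + s) for s in suffixes):
        return False
    want = ipaddress.ip_address(ip)
    # Strip any IPv6 scope id before comparing addresses.
    return any(ipaddress.ip_address(a.split("%")[0]) == want for a in forward(host))

def classify(ip, user_agent, **resolvers):
    """Only clients claiming the bot's name are checked; others pass through."""
    if not UA_CLAIM.search(user_agent):
        return "not-claimed"
    return "verified" if fcrdns_ok(ip, **resolvers) else "spoofed"

# Constructed DNS data (documentation address ranges) so the demo runs offline.
PTR = {"192.0.2.10": "fetch-1.crawler.example.",
       "198.51.100.7": "fetch-1.crawler.example.",  # PTR is set by the IP's owner
       "203.0.113.5": "crawler.example.evil.test."}
FWD = {"fetch-1.crawler.example": {"192.0.2.10"}}
demo = {"ptr": PTR.get, "forward": lambda h: FWD.get(h, set())}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, classify(ip, "CrazyEgg (constructed UA)", **demo))
```

The second constructed address shows why the forward confirmation matters: whoever controls an IP's reverse zone can publish any PTR name, but cannot make the vendor's forward zone point back at that IP.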

Block and Manage Crazy Egg with DataDome

With the advanced technology behind DataDome's Cyberfraud Protection Platform, you can detect and block bots that threaten your website or application. By stopping bots in their tracks, DataDome safeguards your systems from attacks like scraping, account takeover, credential stuffing, and DDoS. This robust protection ensures the integrity of your data and enhances your overall security posture.