Security & Embed Integrity
Last updated: July 2, 2026
Publishers embed BetterLink on their own websites, so we hold the integration to a higher bar than a normal web app. This page explains the protections around site tokens, the hosted script, and your visitors' clicks.
1. Site Tokens Are Bound to Your Domains
Every site integration has its own randomly generated token and a server-side allowlist of the exact domains it may be used from. The token in your page HTML is an identifier, not a secret: it only does anything when the request comes from one of your allowed domains.
API requests from any other origin are rejected. Click-throughs are only tagged, localized, and tracked when the browser context matches your allowlist — any other request is passed straight through to the original Amazon URL with no affiliate tag and no tracking. You can rotate a token instantly from your dashboard at any time, and the old token stops working immediately.
2. Script Integrity and Version Pinning
The embed script is served exclusively over HTTPS through Cloudflare and deployed only from our version-controlled releases. The auto-updating URL (/smart-router.js) has a short cache lifetime, so a fix reaches every site within about an hour.
Publishers who want cryptographic assurance can use a version-pinned snippet with Subresource Integrity: pinned files (e.g. /smart-router-v1.js) are frozen forever, and the snippet includes an integrity hash so the browser refuses to execute the script if even one byte changes — on our servers, on the CDN, or anywhere in between. You control upgrades by updating the snippet. If you prefer, you can also self-host a pinned copy on your own infrastructure and point it back at BetterLink with the data-api attribute.
3. Redirect Safety
BetterLink's click router only ever redirects to Amazon destinations — it cannot be used as an open redirect to arbitrary websites. If anything about a request doesn't check out (unknown token, wrong site, missing browser context, rate limit), your visitor is still delivered to the original Amazon product page. Readers never see an error because of us.
4. Rate Limiting and Monitoring
All integration endpoints are rate limited per visitor and per site, which bounds abuse of a token even by someone deliberately forging request headers from outside a browser. Rejected cross-origin usage triggers automated alerts to our team, so misuse of a token is noticed, not just blocked.
5. Reporting a Vulnerability
If you believe you've found a security issue, please reach out via our contact page and we'll respond promptly. A machine-readable pointer is published at /.well-known/security.txt.