Web Development

DomainCanary — Get notified when your site loads from the wrong domain

by Simon Thompson
4 min read
Web Development
domaincanary-logo

Whilst working on a client site recently I noticed that, due to our use of MaxCDN, the entire site was accessible over the *.netdna-cdn domain. Luckily we have measures in place to prevent duplication, otherwise the site would have been indexed twice by search engines  –  not ideal, to say the least.

This did however get me thinking as to whether there was a way we could find out instantly when our site is served via the wrong domain like this, even when we might not know that the domain exists in the first place.

After a few evenings writing code and this post, here’s a solution which I’ve dubbed DomainCanary. It’s a snippet which you can quickly add through Google Tag Manager, and will send you an email like below when your site loads from a domain where it shouldn’t do.

How to implement

1) Generate your unique token

To protect your email from prying eyes and scrapers, DomainCanary requires you to generate a token linked to your email address.

Head over to the registration form and submit the form there to get your email token.

Note: Your token can be used across multiple sites.

2) Add the tracking code via Tag Manager

Create a Custom HTML Tag within Tag Manager named “DomainCanary”, which uses the “All Pages” Trigger, and add the code snippet below.

https://gist.github.com/SimonJThompson/fdd7d97c1388dbddf1c3419ecf4d7c13

  1. Replace YOUR_ORIGIN with the full origin your site should be loading from. An origin is the protocol plus the full domain (i.e. https://strategiq.co). Be sure to not add any trailing slashes!
  2. Replace YOUR_KEY with the token you generated in Step 1.

How it works

When the code you added via GTM runs, it does a check to see whether the current origin matches anything in the whitelist you specified. If it doesn’t, it’ll send a request with your email token and the current domain to the DomainCanary backend (a small Node.JS app hosted on Heroku).

When the backend receives the request it’ll check whether it’s already sent a notification for the domain and, if it hasn’t, it’ll send one to the email address linked to the token.

Triggering by GoogleBot

Due to the fact that JS is executed by the web rendering service and not GoogleBot itself (and therefore doesn’t seem to have a GoogleBot-related user-agent), we haven’t been able to definitely confirm that Google triggers DomainCanary. However, from our testing, DomainCanary will be triggered when you do a fetch and render via Google Search Console , so we’re fairly confident that it does.

If you can shed any more light on this to help us confirm, please do share!


You may get notified that your site has loaded on https://gtm-msr.appspot.com — a domain related to Google Tag Manager when it loads through an iFrame. This is normal.

DomainCanary only stores your email so it can send the notification whilst also protecting your address. I don’t want it for marketing or anything nefarious. If you don’t trust me, that’s fine — I’ve made the code available for you to review on Github, and you can self-host via Heroku if that’s how you roll.


If this has been helpful to you or you’re using DomainCanary, I’d love to hear about it! Let me know via Twitter or drop an email to simon@strategiq.co.

DomainCanary — Get notified when your site loads from the wrong domain

We don’t want briefs.
We want problems.
That’s where the magic happens.

StrategiQ Full Awards List
2024
UK Dev Awards
Rising Star
UK Dev Awards
Fintech Website
UK Dev Awards
Third Sector Website
Campaign Best Places to Work
26/100
UK Dev Awards
Retail/Ecommerce Website
UK Company Culture Awards
Best HR Tool
Sunday Times' 100 Best Places to Work
Small Organisations Category
2023
UK Dev Awards
Best Third Sector Website
UK Dev Awards
UX Award for StrategiQ
UK Paid Media Awards
Best Use of Linkedin Ads
UK Paid Media Awards
Paid Media Agency Led Campaign Of The Year
European Paid Media Awards
Best Use of Linkedin Ads
UK Agency Awards
Best Culture Transformation Initiative
UK Search Awards
Best Use of Search (Travel)
Social Media Awards
Best Use of Instagram
Social Media Awards
Best Use of Linkedin
Social Media Awards
Best Audience Engagement Campaign
DEVELOPHerAWARDS
Emerging Talent
UK Search Awards
Best Use of Search
2022
Elite Agency
Campaign Best Places to Work
Winner Top 50
UK Dev Awards
Project of the Year
UK Dev Awards
Travel Website of the Year
UK Dev Awards
Best Site Migration
UK Dev Awards
B2B Website of the Year
UK Paid Media Awards
Local Campaign of the Year
UK Paid Media Awards
Best Use of Attribution
UK Search Awards
Best Local Campaign (PPC) (LARGE)
UK Search Awards
Travel / Leisure (PPC) (LARGE)
UK Search Awards
Retail / Ecommerce (SEO) (LARGE)
The Drum Awards
Best Business Development Initiative
2021
UK Dev Awards
Best Migration
Campaign Best Places to Work
Winner Top 50
UK Agency Awards
Covid Response (Silver)
UK Agency Awards
Campaign Effectiveness Award (Silver)
UK Search Awards
Best Use of Search Third Sector (Silver)
UK Search Awards
Best Use of Content Marketing (Silver)
UK Search Awards
Best Large SEO Campaign
2020
Campaign Best Places to Work
Winner Top 50
Suffolk Business Awards
Business of the Year
Suffolk Business Awards
Small & Medium Business of the Year
2019
DXA Awards
Best PPC Strategy with Powertool World
Suffolk Business Awards
Best Employer
2018
Best Employers Eastern Region
Best Digital & Technology Business
UK Search Awards
Best Small Integrated Search Agency
2016
EADT Business Awards
One To Watch Award
Read
Play
Hover