
Application Insights security and spoofing


This may be a silly question, but is client-side Application Insights safe from spoofing? Microsoft asks you to add a bit of JavaScript to your HTML page that needs recording, and part of this contains a hard-coded instrumentation key (not a real key below!):

instrumentationKey: "3D486E8C-BDEF-43AB-B27A-9D3F9D42EC14"

There doesn't seem to be any other relationship between URL and key or any mechanism to prevent spoofing of this key client side (i.e. randomly generating the key with different numbers and submitting the page).

This wouldn't cause any damage, but it would be annoying to the receiver of the incorrect monitoring data, which may well be all someone wants to do "because they can".

Have I missed something fundamental as to why this is not possible?


Solution

  • While not exactly a duplicate, I believe the answer is pretty much the same as this one:

    How does Google Analytics prevent traffic spoofing

    AI doesn't know how or where you're using your key, so how would they know which traffic is legitimate and which is not?