I just set up an HTTP referrer restriction for my Google Maps API key. I use a map on my website. The problem is that when I open it in Chrome and monitor the network using Chrome DevTools, I find an interesting request:
https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent?XXXXXXX
Say XXXXXXX is the rest of the URL, which you can find yourself by monitoring the network, as I did. So I just repeated this request and tracked the usage of my Google Maps key in the API console, and it increased significantly.
The question is, how can we prevent this attack?
