Hello everyone,
I'm currently facing a small issue and could use your help.

I've successfully set up Umami on my VPS, and everything is working well so far. However, I'm also hosting my Next.js website on the same server, and in my layout.tsx, I include Umami like this:
//
return (
<html
lang="de"
className={overflow-x-hidden}
>
<head>
<StructuredData />
<Script
src={https://umami.....de/script.js%7D
data-website-id={UMAMI_ID}
strategy="lazyOnload"
/>

</head>
...

//
The problem is: when inspecting the website in the browser (e.g. using F12), both the src URL and the data-website-id are visible in plain text.
That means anyone could technically copy those lines and embed them in their own site – and then my Umami instance would start tracking their traffic too, which would falsify my data.

❓ My Question:
How can I protect my Umami instance so that it only accepts tracking data from my real website – and not from others who copy the script?

Thanks in advance for any advice or best practices! 🙏