Secure tracking allows you to only accept server-side events from sources which contain the secret key, generated when you turn on secure tracking.
You will need to include this key with the events for Woopra to accept these and include them in your actions. Any events that are sent which do not contain the secret key will not be accepted. We don't recommend this feature unless you're only interested in server-side tracking.
In the configurations is where you can select to enable Secure Tracking. You can set an ID and Secret that you would use for Secure Tracking.
HTTP Basic Authentication (RFC2617) is a simple authentication scheme that sends a username and a password (separated by a colon and base64 encoded) in the headers of each HTTP request.
If this is used over unencrypted HTTP this is considered insecure (as it's trivial to sniff the password on the network), but in combination with HTTPS and a signed server certificate, it's reasonably secure.
You can generate a new username, password in the Woopra web app and use the generated pair to send secure HTTP tracking requests.