Mapp Engage offers multiple security features to protect your landing pages and ensure the safety of your visitors’ data. These settings help you meet security expectations and build trust with your contacts.
Secure Landing Pages with HTTPS
Mapp Engage supports secure landing pages via HTTPS. This ensures that all data transferred between the landing page and the browser is encrypted and protected against unauthorized access.
Engage uses TLS (Transport Layer Security) to establish this secure connection. TLS is the modern standard for web encryption and replaces the older SSL technology. It provides:
Encryption: All data transmitted between the user and the landing page is encrypted.
Authentication: A security certificate confirms the identity of the landing page.
Most modern browsers display a lock icon in the address bar when a valid TLS certificate is in place. This visual signal helps build trust with your contacts and reassures them that the landing page is secure and authentic.
To enable HTTPS, you must use a dedicated secure domain for your Engage landing pages. If you’re unsure whether this is set up for your system, please contact your Mapp representative.
iframe Protection
Mapp Engage prevents your landing pages from being displayed in an iframe on third-party domains. This protects your pages from clickjacking attacks, where malicious actors try to trick users into interacting with invisible or misleading content.
This protection is automatically enabled for Engage-hosted landing pages. If you have questions about iframe restrictions, contact your Mapp representative.
Block External Scripts
You can configure your landing pages to block external JavaScript. This prevents the inclusion of third-party scripts and reduces the risk of cross-site scripting (XSS) attacks.
This feature is implemented via a Content Security Policy (CSP) header, which allows only scripts hosted on your approved domains.
Blocking external scripts is optional but recommended. To activate this feature, contact your Mapp representative.
Domain Whitelisting for Form Submissions
This setting ensures that form data submitted via your landing pages is only sent to trusted domains. Engage uses an internal whitelist to verify destination URLs for data transfers.
This prevents data from being redirected or submitted to unverified endpoints.
To configure domain whitelisting, contact your Mapp representative.