Tag security

Instart Tag Control provides deep browser-level controls to protect form fields and cookies from unauthorized third-party access.

More Instart Web Security features:

You can’t steal what you can’t see

Instart Tag Control gives you unprecedented control over exactly what third-party code is able to access on a page. Instart sits between the browser and your website, intercepting all the API traffic from third-parties in your application and only granting access to domains or scripts you explicitly grant access. Instart Tag Control prevents Magecart-style skimming attacks by blocking scripts and other non-critical tools from gaining access to sensitive data entered on your website, such as names, credit card numbers, and passwords.

Form protection

When website visitors enter data into form fields on your page, any third-party script that is present is also able to see what is entered. Form Protection blocks these scripts from seeing what your customers type into sensitive form fields like credit cards, passwords, health data and more, intercepting the API call the script makes to the browser. Maintain a simple whitelist that only allows specific domains or scripts access to form fields and block all others, rendering web skimming attacks like Magecart useless.

Cookie protection

Not only can scripts steal sensitive data customers type into your website, they can also grab sensitive data stored in cookies. With Cookie Protection, you can whitelist specific domains or scripts that need access to your first-party cookies and block everyone else.

Script blocking

If a third-party service that loads on your website has been compromised, you can use Script Blocking to prevent that script from executing at runtime. Even if the third-party tag or JavaScript is still in your codebase, Instart will automatically prevent that script from loading.


Use cases

Personally Identifiable Information Breach

Personally Identifiable Information (PII) breaches happen when sensitive data stored in a browser, or entered into a browser, are accidentally leaked to unauthorized third-parties. These are typically analytics or session recording tools that are operating normally, but seeing and recording sensitive data that they shouldn’t be seeing. Instart Tag Control prevents these breaches by locking down sensitive cookies or form fields and preventing any unauthorized third-party access.


Magecart attacks

Magecart attacks, or digital payment card skimming, rely on placing JavaScript skimmers on a checkout page and listening for payment information when it is entered by customers. Instart prevents Magecart attacks by restricting access to sensitive data that is entered into form fields to only those scripts or domains that are necessary. Unauthorized JavaScript is unable to communicate with the browser APIs, preventing successful attacks.


More Instart Web Security features

See how cloud-based security and performance services will benefit your web apps