All Vendors
personalization

Instapage

Instapage is a landing page and conversion optimization vendor that deploys cookie-based visitor tracking, built-in heatmaps, advertising pixel management, and extensive third-party data sharing integrations across customer landing pages.

15 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Instapage discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

Runtime cookie behavior, heatmap data collection, and advertising pixel execution not yet observed by BLACKOUT scanner

Customer Impact

What This Means For You

Organizations using Instapage should recognize that each landing page becomes a multi-layered data collection point. Between Instapage's own analytics, built-in heatmaps, advertising pixels, and third-party integrations, a single landing page may be transmitting visitor data to five or more separate platforms simultaneously. This creates compliance complexity as each data recipient requires separate disclosure and legal basis documentation. The 3-day cookie expiration means Instapage analytics will show different visitor counts than other platforms, potentially causing confusion in reporting and attribution. Revenue risk emerges from the concentration of post-click conversion infrastructure in a single vendor: if Instapage experiences downtime or data loss, the entire paid advertising conversion pipeline is disrupted.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Instapage

  • - Audit all advertising pixels deployed on Instapage landing pages and verify each is gated behind proper consent management. - Review the built-in heatmap data collection scope and determine whether mouse movement, scroll depth, and click tracking require separate consent under your applicable privacy regulations. - Assess third-party heatmap integrations (Crazy Egg, Mouseflow) for redundant data collection and ensure each tool is disclosed in your privacy policy. - Verify that approximate location data collection is disclosed and has a documented legal basis, particularly for EU visitors. - Map the complete data flow from landing page to CRM to ensure no unauthorized data sharing occurs through automated integrations.

Negotiation Leverage

  • When negotiating with Instapage, request documentation of all data collected by the platform's JavaScript tag versus data collected by third-party pixels deployed on pages. Ask for clarity on data retention periods for heatmap recordings, visitor behavioral data, and form submission records. Key contractual protections should include restrictions on Instapage's use of aggregated heatmap and behavioral data for product development or benchmarking, data portability guarantees for all lead and analytics data, and clear data deletion timelines upon account termination. Press for details on how approximate location data is derived, stored, and whether it is shared with any third parties. Negotiate for the ability to disable built-in heatmaps independently of other analytics features if consent requirements dictate it.
IOC Manifest

IOC Manifest

15 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*instapage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*instapage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/*/main.js*
Tracking script
TRACK
instapage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
instapage.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Instapage integrates with advertising, analytics, CRM, email marketing, and marketing automation platforms. Direct integrations include Google Ads, Google Analytics, and Meta Pixel for advertising attribution and conversion tracking. The platform supports third-party heatmap tools including Crazy Egg and Mouseflow for session recording and behavioral analysis. CRM integrations enable automated lead data transfer to Salesforce, HubSpot, and other marketing platforms. Instapage also supports AMP analytics with compatibility for 50+ analytics vendors, extending its data distribution reach into the accelerated mobile pages ecosystem. Custom JavaScript injection allows deployment of arbitrary tracking and analytics code on landing pages.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

15 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details