Security
Site Mapped is designed for tenant isolation, bounded crawling, verified billing webhooks, and strict controls for user-submitted URLs.
Monitoring bot
Site Mapped fetches monitored websites using SiteMappedBot/1.0 (+https://site-mapped.com/bot). Crawls and uptime checks honor plan-based cadence and runtime safety limits: capped page count, capped HTML size, capped redirects, and bounded timeouts.
URL safety
The scanner rejects non-HTTP protocols, embedded credentials, unusual ports, localhost, private and link-local networks, and redirects that point to unsafe destinations. DNS resolution is checked before each fetch.
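The checks listed above, sketched in Python as an added example; this is not Site Mapped's code. The allowed-port set, the function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}  # assumption: the page does not list the permitted ports


def system_resolver(host):
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0].split("%")[0] for info in infos]  # drop any IPv6 zone id


def resolve(host, resolver):
    try:
        return [str(ipaddress.ip_address(host))]  # IP literal, no lookup needed
    except ValueError:
        return resolver(host)


def check_url(url, resolver=system_resolver):
    """Return (ok, reason). Run on the first URL and on every redirect target."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "non-HTTP protocol"
    if parts.username is not None or parts.password is not None:
        return False, "embedded credentials"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "unusual port"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "localhost"
    try:
        addresses = resolve(host, resolver)
    except OSError:
        return False, "DNS resolution failed"
    if not addresses:
        return False, "DNS resolution failed"
    for addr in addresses:  # every answer must be public, not just the first
        if not ipaddress.ip_address(addr).is_global:  # loopback, private, link-local, CGNAT
            return False, f"unsafe address {addr}"
    return True, "ok"
```

A fetcher built on a check like this should connect to an address that passed it rather than resolving the name a second time, so the DNS answer cannot change between the check and the connection.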
Billing & jobs
PayPal webhooks are verified against PayPal's webhook signature API before any billing state changes. Internal job and scheduler endpoints require an internal secret with timing-safe comparison and are not exposed publicly.
Tenant isolation
Every site, scan, issue, job, and email event is scoped to an organization. Database row-level security and queries enforce organization scoping on every read and write.
Report a security concern
Send security concerns to support@site-mapped.com. Include the affected account, the URL involved, and enough detail to reproduce the issue when possible.