Secure and Certified

The most secure and compliant optimization solution.

  • PCI DSS 3.2 Certified

  • GDPR Compliant

  • Privacy Shield Compliant

  • HIPAA Ready

  • Two-Factor Authentication

  • Single Sign-On

  • IP Whitelisting/Blacklisting

  • Log Visualization

  • Not Affected by Firefox ETP

  • Log Shipping

  • Access Control List

  • Automatic Bot Detection

  • In-Transit Data Encryption

  • Not Affected by Safari ITP

  • End User Permission Levels

  • Security Alerts via AlertLogic

  • Private & Isolated Customer Data

  • Audit Trail

  • Content Security Policy

Safari Firefox ITP ETP

Not Affected by Safari ITP or Firefox ETP

SiteSpect is the only optimization solution not affected by Safari ITP or Firefox ETP. Because of its unique architecture, SiteSpect does not set any cookies in the browser, and will see no impact from browser security changes. Learn more here.


PCI DSS 3.2 Certified

SiteSpect is the only PCI certified solution audited by a third party and is compliant with PCI DSS 3.2 for Service Providers. See SiteSpect’s Self-Assessment Questionnaire D (SAQ-D) and certificate from our Qualified Security Assessor (QSA). For more information about PCI and the PCI DSS, visit the PCI Security Standards Council website.

GDPR Compliant

GDPR Compliant

SiteSpect is GDPR Compliant. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for collecting and processing personal information of individuals within or who are citizens of the European Union. More information about SiteSpect’s GDPR support is located on our Customer Notice On EU GDPR Support page.


Privacy Shield Compliant

SiteSpect complies with both the EU-US and the Swiss-US Privacy Shield Frameworks. SiteSpect certifies that it adheres to the Privacy Shield Principles with respect to personal data. More information about SiteSpect’s Privacy Shield support is available on our Business Services Privacy Policy - GDPR and Privacy Shield page.



SiteSpect is HIPAA ready, which saves you time when you use SiteSpect in your HIPAA-compliant environment. SiteSpect obfuscates and encrypts visitor behavior and does not store any personal data. SiteSpect also offers on-premise and other deployment models to guarantee personal data never leaves your datacenter.


Two-Factor Authentication (2FA)

Two-Factor Authentication, also known as 2FA, requires not only a password and username but also something that only a user has access to, such as a token. Using a username and password together with a token makes it harder for potential intruders to gain access to SiteSpect.


Single Sign-On

SiteSpect supports Single Sign-On (SSO) authentication through Active Directory and SAML. SSO allows you to centrally manage SiteSpect permissions and login credentials. It also makes it easier for SiteSpect users to quickly log in and switch between their applications saving time and improving productivity.

IP whitelist blacklist

IP Whitelisting/Blacklisting

Restrict access to your websites by IP address. Create lists or ranges of IP addresses that allow trusted (whitelisted) users to access your websites or prevent access from disallowed (blacklisted) users.

log visualization

Log Visualization

SiteSpect sends a sample of log data to, a log visualization service. This service offers full flexibility to view and analyze logs relating to traffic health and routing. Your network operations center can also use this service to build your own visualization and dashboards or integrate into existing systems.

log shipping

Log Shipping

Directly ingest SiteSpect traffic logs into your monitoring infrastructure to diagnose underperforming applications/servers and identify site errors in near real time.


Access Control List (ACL)

Restrict user access to SiteSpect by IP address.


Automatic Bot Detection (ARD)

SiteSpect injects a small piece of JavaScript code that asks the browser a question. SiteSpect can identify a bot based on the answer. If we think a user is a bot, we remember that, ensure they are unassigned from all campaigns and try to route the bot away from SiteSpect if possible.

data encryption

In-Transit Data Encryption

SiteSpect fully supports encryption for all types of in-transit data such as end-user content, SDK and API transmissions, and business user data. We also support testing on HTTP and HTTPS websites.


End User Permission Levels

SiteSpect supports nine different permission levels that provide control and configurable access. User-level permissions determine view and edit rights for building, managing and analyzing campaigns.

alert logic logo

Security Alerts

SiteSpect leverages Alert Logic to monitor and track security vulnerabilities. This additional line of defense notifies you of any detected threats or attacks on your website.

database lock

Private and Isolated Customer Data

SiteSpect maintains the privacy of all customer data by ensuring no test data is exposed and that data is not grouped with or shared with others in any way.

Audit Trail

Audit Trail

SiteSpect includes a complete history of every user action. Quickly undo changes in the audit history list and audit any change as part of your change management process.


Content Security Policy

SiteSpect supports your Content Security Policy while allowing you to offer the optimization variations and personalization experiences that drive conversion.

Want to learn more? Let's talk.