This article provides information about the Web Governance IP Addresses used, Data Hosting, and Security policies.
This section provides information about the IP addresses that Web Governance uses.
The Heartbeat feature uses different IP addresses. Allow-list these IP addresses instead to ensure that the module functions properly.
If you do not know which one to use, contact your sales representative or customer success manager.
Ports used
User agents
Mozilla/5.0 (compatible; Monsidobot/2.2; +http://monsido.com/bot.html; [email protected])Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36Web Governance uses the Google Cloud Platform as the hosting environment for our services.
Web Governance scans your public-facing websites and does not access or store any confidential data. The only data that Web Governance stores (that may not be publicly accessible) are the names and email addresses of our customer's users, which we do not make publicly available. All data and backups collected are kept for at least 30 days before being permanently deleted if and when the client exits, with the exception of logs.
Scans of public websites are done by both known and unknown crawlers every day. This is a part of the way the internet works. Google, Bing, and other search engines, as well as completely unknown companies, crawl websites to gather information and monitor performance. What Web Governance does is similar, and has no detectable effect on website performance.
Unless otherwise agreed upon, the location of customer data is based on the Web Governance branch that your contract is with. This means that customer data for the US Web Governance offices and subsidiaries is processed and stored within the USA, customer data for AU Web Governance offices and subsidiaries is processed and stored within AU, and customer data for EU and UK Web Governance offices and subsidiaries is processed and stored within the EU.
Login credentials (name, email, one-way hashed password, and data-location ID) are stored centrally in our login service, which resides in the EU.
Web Governance uses the criteria as defined in the Google Cloud InfoType detector reference to identify potential data privacy security violations.
The Web Governance crawler scans data as it finds it. This is normally breadth-first, for example, the scan starts at level 0 (the front page of the website) and proceeds to level 1 (pages that are accessed via links from the front page), and continues in this way. XML sitemap is occasionally used if this is explicitly supplied or discovered through robots.txt.
This section provides information about what is required from an implementation perspective.
Your current infrastructure must be internet-accessible. The statistics and pages are prioritized by the number of views and have a script that can be added to your Google Tag Manager.
For more information, visit Google Tag Manager deployment.
If you opt to scan password-protected or otherwise restricted web pages or documents, and if this is permitted by the contract you signed with Web Governance , you must make sure that the information in these web pages and documents is not confidential since Web Governance cannot guarantee the same level of security that you can.
For more information, visit Scan password-protected and internal pages
For information about policies, visit:
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Wed Oct 01 2025 13:08:07 GMT+0000 (Coordinated Universal Time)