Home/Reports/Deep Dives/insurity
← Back to Deep Dives
insurityB2BSaaSAPIAIInsurance·May 20, 2026·7 min read

Insurity's public site uses Webflow, Cloudflare, and Vidyard, but DNS reveals Salesforce, Pardot, and Marketo. Our 2026 scan finds zero conversion pages and a truncated sitemap.

On the surface, Insurity's public website is a static Webflow marketing brochure. Behind that facade, DNS records expose a multi-tool enterprise marketing engine: Salesforce, Pardot, and Marketo live inside their SPF allowlist. For anyone analyzing the P&C insurance software space, the real story isn't what's visible—it's what Insurity deliberately hides from automated scans. The sitemap truncates at 200 pages, conversion paths are invisible, and zero self-service surfaces exist. This is an enterprise sales machine that only reveals itself in email headers, not on the web.

The Visible Tech Stack: Webflow, Vidyard, and a Cloudflare Shield

Insurity’s external site uses Webflow CMS (medium confidence) to serve pages with jQuery and Lodash scripts—a classic static marketing site architecture. There’s no evidence of a dynamic backend, no API endpoints, and no subdomains beyond the main marketing domain. The delivery pipeline is streamlined: Cloudflare CDN fronts all traffic, forcing HTTPS via Let’s Encrypt TLS certificates. The site does not redirect to www, operating on a bare domain, which is a minor but notable operational choice.

Video content runs through the Vidyard platform, a tool built for buyer education and enterprise storytelling. Combined with Google Tag Manager, the visible layer suggests a content-oriented brand with basic behavioral tracking. Yet the sitemap stops at 200 pages. Interact actions—potential CTAs, form submits, or lifecycle triggers—registered zero events during the scan. That absence is the first major signal: Insurity’s digital surface is designed for broadcast, not conversion.

Email delivery runs on Microsoft 365, but there is no backup MX record. That single-point-of-failure posture is worth noting for enterprise continuity evaluations. The lack of any app, auth, or developer portal subdomains means the product itself, user documentation, and API surfaces live on infrastructure our scanner never touched. What we see is a purpose-built content façade.

The Invisible Funnel: Where Marketing Automation Lives

The GTM scan found no CRM pixel, no on-site chat, and zero form builder detections. That would normally indicate a brand in early-stage growth without a demand capture mechanism. But Insurity’s SPF record tells a different story. It includes Salesforce, Pardot, and Marketo—three heavyweight platforms that cost six figures to run well. This mismatch is the most revealing finding of the entire analysis. The marketing automation stack exists in production, yet it never touched the scanned pages. Why? Because Insurity routes all engagement through email, partner channels, and outbound motions—none of which can be detected by domain-level crawling.

Vidyard usage suggests a heavy investment in video-based nurture sequences, likely gated behind forms that scanners never followed. The sitemap’s 200-page cutoff means we got the top of the information hierarchy: blog posts, maybe a few resource hubs. Deeper landing pages, comparison guides, or demo request forms were never reached. The risk is that Insurity’s funnel architecture is invisible, but the evidence points to a classic enterprise sales-led motion: educate broadly, convert selectively, and qualify through human touchpoints.

OneTrust consent management confirms a privacy-first approach, and the missing advertising pixels (no Facebook CAPI, no LinkedIn Insight Tag) align with a low-volume, high-value pipeline. This isn’t a company optimizing for volume; it’s optimizing for enterprise compliance and deal size. That’s a deliberate growth choice that competitors need to understand.

Infrastructure: A Fortress with No Windows

From a delivery perspective, Insurity’s site is monolithic and locked down. Cloudflare CDN provides edge caching and DDoS protection, while Webflow handles content authoring. The stack uses jQuery 3.x and Lodash, dependencies that haven’t been modernized to React or a headless architecture, suggesting a lower engineering investment in the marketing site. There are no API layers exposed, no GraphQL endpoints, and no evidence of a content mesh.

The email setup—Microsoft 365 without a backup MX—is functional but lacks operational redundancy. If a provider outage hits, there’s no failover. For a company serving mission-critical insurance workflows, that’s a gap worth monitoring. The absence of any subdomains for status pages, docs, or sandbox environments means the product is entirely separate from the brand site. That’s typical for enterprise P&C vendors, but it also means the digital evaluation surface for a tech-savvy buyer is zero. No developer portal, no API key provisioning, no swagger docs.

Forced HTTPS and Let’s Encrypt are table stakes. The lack of a `www` redirect means canonicalization is handled at the domain level, which can be fine as long as SEO signals are consistent. However, the truncation of the sitemap at 200 pages hints at light crawl budgets or deliberate limits, possibly to avoid exposing too much content depth.

Enterprise Readiness: Privacy Compliance Without a Trust Center

OneTrust consent management shows Insurity takes privacy seriously—likely for GDPR and CCPA compliance in insurance. However, our scan found no public trust center, no SOC2 or ISO badges, and no compliance certification page indexable by crawlers. This is a notable omission for enterprise buyers in regulated industries. The SPF policy uses `-all`, meaning only explicitly listed senders can send mail, and DKIM passes validation—strong email authentication signals.

Yet DMARC is set to `p=none`, which monitors but doesn’t block spoofing. There’s no DNSSEC, no CAA record, and no TLS hardening beyond the basic forced HTTPS. These are not critical vulnerabilities, but they’re missing resilience signals that modern enterprise procurement teams look for. The stack’s security posture is functional but not exemplary.

The juxtaposition is stark: behind the scenes, Salesforce and Marketo anchor a mature enterprise automation capability, yet the public site shows no artifact of that sophistication—no trusted login, no partner portal, no API status page. This opacity likely works for RFPs that go through sales teams, but it raises friction for self-guided evaluations.

What This Means for Insurity’s Competitors

Insurity’s digital footprint is a deliberate absence of visibility. The 200-page sitemap cap, the missing conversion pages, and the no-advertising approach suggest a company that wins through outbound and broker networks, not SEO demand gen. Competitors with robust content strategies, developer documentation, and self-service sandboxes can capture the growing segment of digital-first insurance carriers that expect transparency during the evaluation process.

The Vidyard presence indicates that video is a core content format; competitors who also invest in interactive video or ROI calculators could differentiate. The hidden Pardot/Marketo duality implies Insurity may have separate automation paths for different products or regions—a complexity that modern unified platforms (like HubSpot Enterprise) can exploit with simpler orchestration.

Infrastructure-wise, the static Webflow+Cloudflare combination is easy to replicate. The moat isn’t in the tech stack; it’s in the domain expertise and industry relationships. If a competitor builds a transparent trust center, publishes API docs, and runs a scalable SEO engine with 1,000+ indexed pages, they will win mindshare among digitally-native insurance buyers searching StackShare or technology comparison sites.

Actionable Takeaways for Founders and Product Leaders

1. Enterprise sales-led motions don’t need visible funnels. Insurity proves you can run a multi-million-dollar pipeline with Salesforce and Marketo while leaving no trace on your website. If you’re competing, don’t assume a thin public site means a weak tech stack—check DNS and email headers.

2. Video as a moat. With Vidyard deeply integrated, Insurity’s content moat is in video-based buyer education. Building a comparable video library and gating it effectively can match their enterprise approach, but it requires a content engine, not just a tool.

3. Lack of public trust center is a vulnerability. In 2026, insurance buyers expect SOC2, ISO, and live status pages. If you’re building in this space, launch a public trust page before your first enterprise contract—Insurity’s absence is your opportunity.

4. The sitemap truncation is a competitive intelligence blindspot. You can’t fully map Insurity’s content strategy with automated tools. Manual research, partnership intel, and win/loss analysis will be critical to understand where their funnel actually converts.

5. Operational maturity signals matter. The missing backup MX, `DMARC p=none`, and no developer portal are not deal-breakers for most, but they are decision-tilts in procurement committees. Use these gaps to position your product as more resilient and transparent.

Insurity’s technology choices reveal a company that invests heavily in marketing automation and video, but keeps its most powerful conversion machinery behind a minimal public surface. For those evaluating this space, the lesson is clear: scan the visible, but always verify the invisible—because the real stack often lives in email headers, not HTML.

Tech stack detected from public signals — using automated code analysis, DNS profiling, and browser-level inspection across https://www.insurity.com. No privileged access. No guessing.

Send insurity's Full Strategy Report

Get the complete 5-module analysis delivered to your inbox

GTM Stack

Demand generation & routing

Funnel Design

Conversion path & user journey

Product Architecture

Infrastructure & delivery

Growth Maturity

SEO, content & lifecycle

Enterprise Readiness

Trust, security & scale