The feature is highly secure:
- Webhook submissions use HTTPS for encrypted data transfer.
- The webhook UID is unique and should be kept private (never exposed in client-side code).
- Embedded forms are tied to whitelisted domains, preventing unauthorized use.
- Rate-limiting (one submission per IP per hour) reduces spam.
- Only your server/domain should send webhook requests.
Follow our security tips in the setup guide to ensure protection.