Skip to content


This section addresses security issues that most people can ignore. It is for advanced users that may have security concerns or who may have run into security issues with their MapsAlive tours.

MapsAlive Server

MapsAlive automatically hosts your published tours at which is a secure server with an SSL certificate. It supports Cross-Origin Resource Sharing (CORS) by sending an access-control-allow-origin header when responding to an XMLHttp request. This allows a website hosted on your server to embed a tour on the MapsAlive server without getting a cross-origin error.

Insecure Content

If any hotspots in your tour contain insecure content such as an <img> tag that contains a URL that starts with http instead of https, the browser might not display the image because it won't allow the secure tour to load insecure content, or it might automatically convert http to https which will trigger a 404 error if the server that hosts the image does not have an SSL certificate and thus cannot satisfy the https request. If you don't see the hotspot's image, check the browser's Developer Console for warnings and errors. If for some reason you must use insecure content, you'll need to download your tour and host it on your own insecure server, but this is not recommended.

Live Data

If your tours use the Live Data feature, there are additional server communication requirements.