Something I have been seeing (GoHighLevel)

Malwarebytes and other browser security tools sometimes flag or block GoHighLevel (GHL) forms, especially when embedded via iframes or scripts that call external tracking domains. This can hurt user experience and lead gen performance without warning.

Here are better ways to implement GHL forms to reduce false positives or blocking:

1. Use Custom HTML + Webhooks Instead of Native GHL Forms

Build the form natively on the site (HTML/JS)
Use GHL’s webhook to submit the form data directly
This bypasses the third-party form embed that Malwarebytes flags

Pro: Full control, clean UX, immune to third-party script blocksCon: Slightly more setup (but well worth it)

2. Use a Static Proxy Page

Create a white-labeled form page on your domain that hosts the GHL form
Instead of embedding it via iframe, link to it in a new tab or modal

Pro: Doesn’t trigger iframe/script blockingCon: Breaks inline form UX

3. Reverse Proxy or Mask the Script

Use Cloudflare Workers or Netlify functions to proxy the form script through your domain.

Example:Instead of https://form.abc.gohighlevel.com/, you call https://yourdomain.com/forms/lead and reroute it internally.

Pro: Looks native to your site, circumvents blocklistsCon: More technical to implement and maintain

4. Add CNAME and Use Custom Domains

GHL supports domain mapping for their funnels/forms.Set this up so the form loads from your own domain rather than theirs (which Malwarebytes may trust more).

Quick Fix:

If you must embed the native GHL form: