This article is also available in:

Domain Control

Domain Control for Embedding Your Application

Drimify allows you to control which domains can embed your application using an iframe. This feature ensures your content is only accessible from trusted sources and prevents unauthorised embedding.

How It Works

You can define a list of permitted domains. Only these domains will be able to embed your application in an iframe. Each domain should be written on a separate line.

Examples of Permitted Domains

✅ Allowed Entries	❌ Not Allowed Entries
`example.com`	`http://example.com` (protocol not needed)
`*.example.com`	`www.*.example.com` (wildcard only works at the beginning)
`subdomain.example.com`	`subdomain.*.example.com` (invalid wildcard usage)

Using Wildcards

A wildcard domain allows you to permit all subdomains of a given domain. You can use *. at the beginning of a domain to allow all its subdomains.

Example:

*.example.com → Allows sub.example.com, blog.example.com, shop.example.com, etc.
example.com (without *.) → Only allows example.com, not sub.example.com.

Tips for Using Wildcards

Wildcards must be at the beginning of the domain (e.g., *.example.com, not www.*.example.com).
Be careful when using *. as it will allow all subdomains, including dynamically created ones.
If you need to allow multiple specific subdomains, list them individually instead of using a wildcard.

Best Practices

✔ Only allow domains you trust.
✔ If you need to embed on multiple subdomains, consider using a wildcard ( *.yourdomain.com).
✔ Review your list periodically to ensure only authorised domains have access.

Updated on: 26/03/2025

Was this article helpful?

Thank you!