Whitelisting Domains for Embedding

To protect user data and prevent unauthorized embedding, White Swan requires all embedded iframes to originate from whitelisted domains. This means that when you embed White Swan on your website, your domain must be whitelisted.

✅ Why Whitelisting Exists

The White Swan application can be embedded inside partner platforms using our iframe-based integration. Because embedded content runs cross-domain, it’s important that we only allow messages and interactions from known, trusted origins.

Whitelisting ensures:

• Only authorized partners can load the embedded app.

• Clickjacking attacks are impossible

• Compliance with privacy and licensing requirements.

✅ Whitelisting Your Domain

When you sign up for White Swan, the domain associated with your email will be automatically whitelisted.

Additionally, any whitelabeled domain you set up will also automatically be whitelisted.

If you need to whitelist another domain, you can either:

• Visit your settings page, expand the section called "White Label Domain & Communications", and press "Configure White-Listed Embedding Domains"

• From your dashboard, press "Embed" on any client journey, and then press "Manage Allowed Embedding Domains"