Domain restrictions are an account-level setting that controls which websites can display your embedded content. When enabled, your embedded media will only display on domains you approve, preventing unauthorized embedding on other sites.
Set up the domain allowlist
You must be an Account Owner to enable domain restrictions and manage the domain allowlist.
To access domain restrictions, open up your Account's dropdown menu and select "Settings." From your account Overview page, click "Account" in the sidebar and scroll down to the Domain restriction section.
Before enabling this feature, inventory all domains where you have embedded content and enter these into the allowlist.
Domain formatting rules
Enter domains without the http:// or https:// prefix
Subdomains are supported (for example, support.wistia.com will only approve this specific subdomain)
Specific pages or paths are not supported (for example, wistia.com/support will be treated as wistia.com
Domain restrictions will always allow media within your account on wistia.com pages
Enable domain restrictions
Once your domain allowlist is configured, set domain restrictions to “Enabled” and click "Update Settings."
If the domains are formatted correctly and all is working as expected, your embeds will continue to display without any issue. From there you should only need to update the allowlist when embedding on a new domain.
Note
After enabling domain restrictions, we strongly recommend checking your embeds to be sure they are still displaying on your allowlisted domains. Embed formatting issues or on-page conflicts can sometimes interfere with domain detection.
Note
Domain restrictions may interfere with Apple AirPlay on certain devices.
"Video not authorized" error
If a media is embedded on a webpage that isn't on the domain allowlist, you’ll see an error message where the video is supposed to display, saying “This video is not authorized to be embedded here”.
If you see this message on a domain that is on the allowlist, there may be an issue with domain detection on the page. Make sure that you're using the embed code provided by Wistia without any modifications. See embedding requirements below for more, or reach out to Wistia Support for help diagnosing a domain restriction issue.
Embedding requirements for domain restrictions
Domain restrictions rely on specific elements within the Wistia embed code to function properly. Issues can occur if the embed codes are modified, whether intentionally or unintentionally.
Note
Whenever possible, use the embed codes as provided by Wistia without any modifications. The only modifications we support are official features like our Embed options or Player API.
There a few important components here, included by default with every Wistia embed code:
The embed must have
class=”wistia_embed”for our legacy embed code orwistia-player[media-id='hashedid']for the Aurora embed code.Our E-v1.js (legacy embed code) or player.js script (Aurora embed code) must be embedded on the webpage.
If you're using an iframe (fallback) embed code, E-v1.js or player.js must be on the page outside of the iframe (it will always load inside the iframe).
When your embeds load on a page, the player will first try to match the domain of the parent page with the domains in your allowlist, and then either embed or restrict the media. This works by checking for the page’s referrer value.
Note
Domain restrictions are not compatible with some referrer policies. Check out this developer documentation for a full breakdown.
The most common explanation for seeing the “video is not authorized to be embedded here” message on a domain you’ve added to the allowlist is modification or removal of the E-v1.js or player.js scripts, depending on your embed code. If one of these scripts is removed, modified, delayed, or self-hosted, domain restrictions will not work as expected.