Domain Restrictions are an account-level setting that controls which websites can display your embedded content. When enabled, your embedded media will only display on domains you approve, preventing unauthorized embedding on other sites.
Set up the domain allowlist
You must be an Account Owner to enable Domain Restrictions and manage the domain allowlist.
Find the Domain Restrictions feature within the Settings > Account page.
Before enabling this feature, inventory all domains where you have embedded content and enter these into the allowlist.
Domain formatting rules
Enter domains without the http:// or https:// prefix
Subdomains are supported, e.g. support.wistia.com will only approve this specific subdomain
Specific pages or paths are not supported, e.g. wistia.com/support will be treated as wistia.com
Domain Restrictions will always allow media within your account on wistia.com pages
Enable Domain Restrictions
Once your domain allowlist is configured, set Domain Restrictions to “Enabled” and click Save Settings.
If the domains are formatted correctly and all is working as expected, your embeds will continue to display without any issue. From there you should only need to update the allowlist when embedding on a new domain.
After enabling Domain Restrictions, we strongly recommend checking your embeds to be sure they are still displaying on your allowlisted domains. Embed formatting issues or on-page conflicts can sometimes interfere with domain detection.
"Video not authorized" error
If a media is embedded on a webpage that isn't on the domain allowlist, you’ll see an error message where the video is supposed to display, saying “This video is not authorized to be embedded here”.
If you see this message on a domain that is on the allowlist, there may be an issue with domain detection on the page. Make sure that you're using the embed code provided by Wistia without any modifications. See embedding requirements below for more, or reach out to Wistia Support for help diagnosing a domain restriction issue.
Embedding requirements for Domain Restrictions
Domain Restrictions rely on specific elements within the Wistia embed code to function properly. Issues can occur if the embed codes are modified, whether intentionally or unintentionally.
Whenever possible, use the embed codes as provided by Wistia without any modifications. The only modifications we support are official features like our Embed Options or Player API.
The two most important components, included by default with every Wistia embed code, are:
Embeds must have the
wistia_embedclassThe E-v1.js script must be included directly in the code of the parent page
When your embeds load on a page, the E-v1.js script is what renders the video player visually. With Domain Restrictions enabled, E-v1.js will first try to match the domain of the parent page with the domains in your allowlist, and then either embed or restrict the media. This works by checking for the page’s referrer value.
The most common explanation for seeing the “video is not authorized to be embedded here” message on a domain you’ve added to the allowlist is modification or removal of the E-v1.js script. If this script is removed, modified, delayed, or self-hosted, Domain Restrictions will not work as expected.