Skip to main content
Domain Restrictions

Take control over where your embedded content is allowed to display.

Harper avatar
Written by Harper
Updated over 2 months ago

Domain Restrictions are an account-level setting that controls which websites can display your embedded content. When enabled, your embedded media will only display on domains you approve, preventing unauthorized embedding on other sites.


Set up the domain allowlist

You must be an Account Owner to enable Domain Restrictions and manage the domain allowlist.

Find the Domain Restrictions feature within the Settings > Account page.

Before enabling this feature, inventory all domains where you have embedded content and enter these into the allowlist.

Domain formatting rules

  • Enter domains without the http:// or https:// prefix

  • Subdomains are supported, e.g. support.wistia.com will only approve this specific subdomain

  • Specific pages or paths are not supported, e.g. wistia.com/support will be treated as wistia.com

  • Domain Restrictions will always allow media within your account on wistia.com pages


Enable Domain Restrictions

Once your domain allowlist is configured, set Domain Restrictions to “Enabled” and click Save Settings.

If the domains are formatted correctly and all is working as expected, your embeds will continue to display without any issue. From there you should only need to update the allowlist when embedding on a new domain.

After enabling Domain Restrictions, we strongly recommend checking your embeds to be sure they are still displaying on your allowlisted domains. Embed formatting issues or on-page conflicts can sometimes interfere with domain detection.

Domain Restrictions may interfere with Apple AirPlay on certain devices.

"Video not authorized" error

If a media is embedded on a webpage that isn't on the domain allowlist, you’ll see an error message where the video is supposed to display, saying “This video is not authorized to be embedded here”.

domain restriction message

If you see this message on a domain that is on the allowlist, there may be an issue with domain detection on the page. Make sure that you're using the embed code provided by Wistia without any modifications. See embedding requirements below for more, or reach out to Wistia Support for help diagnosing a domain restriction issue.


Embedding requirements for Domain Restrictions

Domain Restrictions rely on specific elements within the Wistia embed code to function properly. Issues can occur if the embed codes are modified, whether intentionally or unintentionally.

Whenever possible, use the embed codes as provided by Wistia without any modifications. The only modifications we support are official features like our Embed Options or Player API.

The two most important components, included by default with every Wistia embed code, are:

  • Embeds must have the wistia_embed class

  • The E-v1.js script must be included directly in the code of the parent page

When your embeds load on a page, the E-v1.js script is what renders the video player visually. With Domain Restrictions enabled, E-v1.js will first try to match the domain of the parent page with the domains in your allowlist, and then either embed or restrict the media. This works by checking for the page’s referrer value.

The most common explanation for seeing the “video is not authorized to be embedded here” message on a domain you’ve added to the allowlist is modification or removal of the E-v1.js script. If this script is removed, modified, delayed, or self-hosted, Domain Restrictions will not work as expected.

Did this answer your question?