Referrer Policy and Wistia's Domain Restrictions

Learn about which referrer policies are compatible with Wistia's Domain Restrictions feature

How Domain Restrictions work

Domain Restrictions is a security feature for restricting where your videos can be embedded. This works by doing a check every time embeds are loaded on a webpage, comparing the domain of the parent webpage to the list of approved domains managed in your account settings. If the domain isn't recognized, no video files or player will be rendered on the page, instead showing a "Video not authorized to be embedded here" message.

This feature depends on the Wistia player being able to identify the parent document's referer value on load, and check that against the list of approved domains. If the referer is hidden altogether from the Wistia player, it cannot verify an approved domain and the video player will not load. The Wistia player needs access to the origin URL, i.e. the domain or sub-domain of the webpage with the embedded video.

πŸ“˜

Managing your domain restrictions allow-list

Account owners can manage the list of approved domains on the Account Settings page.

Configuring referrer policy for Domain Restrictions

Certain referrer-policy values can restrict the Wistia player's ability to perform the domain restrictions check on page load, in which case the videos may fail to load even if you have the correct URLs allow-listed in the account settings.

This is fixable by setting one of the supported policies below.

βœ”οΈ Referrer policies compatible with Domain Restrictions

  • no-referrer-when-downgrade
  • origin
  • origin-when-cross-origin
  • strict-origin
  • strict-origin-when-cross-origin
  • unsafe-url

❌ Referrer policies NOT compatible with Domain Restrictions

  • no-referrer
  • same-origin

Learn more about Domain Restrictions

See the full how-to guide on Domain Restrictions in the Wistia Help Center .