Security
Controlling Where Your Digital Human Can Appear
When you embed your digital human on a website, it’s important to control who can use it and where it can be displayed. This helps protect your content and ensures it only appears on trusted sites. The settings below let you manage that access.
Allowed Origins
This controls which websites are allowed to show your digital human.
- By default, anyone can embed it on their site.
- If you want to limit access, you can list specific websites that are allowed.
Restrict Domains – Allowed iframe Event Origins (Legacy Digital Humans only)
If you’re using an iframe to embed your digital human and want to handle events (like button clicks or custom messages), you need to allow specific domains to use those event features.
If your digital human uses streaming mode, please refer to our SDK documentation instead.
To check whether your digital human is in legacy or streaming mode, see this page.
If the digital human configuration states that videoStreaming=true then your digital human is in streaming mode.
- Add the websites you trust to the list.
- For example: https://example.com means only this domain can interact with the iframe events
