Third Party Domains
  • 31 Mar 2023


As part of WineDirect's ongoing commitment to security management, we restrict unapproved third-party domains that can be used for embedding a page using <frame>, <iframe>, <object>, <embed>, or <applet>.

A few examples are:

  • Embedding a video frame (YouTube, Vimeo, etc.)
  • Embedding a chatbot frame
  • Embedding a sales traffic analysis frame

This is done by following the security best practice of employing the HTTP Content-Security-Policy (CSP) frame-ancestors directive. This directive prevents modern browsers from loading third-party domains that are not on the allow list as embedded page content. Such a protection mechanism is a PCI compliance requirement.

If your site embeds any third-party content domain, please check the list below to see if the domain is already allowed. If you are using third-party domains not on this list, please submit your request to security@winedirect.com to get them on our safe list and ensure your website content continues to display as expected.

Recognized list of third-party domains: 

  • book.peek.com
  • instagram.com
  • weatherwidget.io
  • js.stripe.com
  • googletagmanager.com
  • photos.pixlee.com
  • c.sharethis.mgr.consensu.org
  • av.ageverify.co
  • *.filesusr.com
  • assetss3.vin65.com
  • js.driftt.com
  • *.youtube.com
  • *.wix.com
  • instaembedder.com
  • digioh.blob.core.windows.net
  • dotcal.com
  • consentcdn.cookiebot.com
  • sb.monetate.net
  • *.twitter.com
  • static.parastorage.com
  • *.ryzeo.com
  • youtube-nocookie.com
  • tableagent.com
  • editmysite.com
  • vars.hotjar.com
  • snapwidget.com
  • fareharbor.com
  • platform.vinespring.com
  • apps.wixrestaurants.com
  • td.yieldify.com
  • *.rfihub.com
  • opentable.com
  • *.optimizely.com
  • widgets.resy.com
  • loadbalancer.visitor-analytics.io
  • booking.mangomint.com
  • vinoshipper.com
  • *.kampyle.com
  • foleywineclub.co.nz
  • *.wixapps.net
  • gum.criteo.com
  • mymobileapp.online
  • iplayerhd.com
  • live2.brownrice.com
  • paypalobjects.com
  • cdn.krxd.net
  • px.owneriq.net
  • my.matterport.com
  • yelp.com
  • *.rlets.com
  • onelineplayer.com
  • insight.adsrvr.org
  • webform-console.pernod-ricard.io
  • *.ubembed.com
  • adservices.brandcdn.com
  • app.squarespacescheduling.com
  • chat.broadly.com
  • *.appspot.com
  • embedsocial.com
  • player.vimeo.com
  • instansive.com
  • *.rezdy.com
  • t.sharethis.com
  • secure.livechatinc.com
  • *.facebook.com
  • *.google.com
  • s7.addthis.com
  • Tock (*.exploretock.com)
  • *.grappos.com
  • *.lpages.co
  • fecdn.user1st.info
  • *.lightwidget.com
  • *.youcanbook.me
  • formcrafts.com
  • *.doubleclick.net
  • *.purechat.com
  • *.issuu.com
  • *.tawk.to
  • *.appointy.com
  • *.bubbleapps.io
  • *.stripe.com
  • *.helpscout.net
  • *.typekit.net
  • *.fullstory.com
  • *.cellarpass.com
  • *.elfsight.com
  • *.userway.org
  • *.mangomint.com
  • *.duda.co
  • *.multiscreensite.com
  • *.acuityscheduling.com
  • *.flipsnack.com
  • *.bokun.io
  • *.eventbrite.co.nz
  • *.small.chat
  • *.cincopa.com
  • *.kazzit.com
  • *.gowinecub.com
  • *.mailmunch.co
  • *.mailmunch.com
  • *.thefork.com.au
  • *.youriguide.com
  • *.virtualbctours.com
  • *.mailchimp.com
  • *.olark.com
  • *.jotform.com
  • *.acsbapp.com
  • *.godaddy.com
  • *.typekit.net
  • *.google-analytics.com
  • *.facebook.net
  • *.accessibe.com
  • *.bing.com
  • *.clickdimensions.com
  • *.donationx.org
  • *.googleapis.com
  • *.hello.myfonts.net
  • *.monetate.net
  • *.newrelic.com
  • *.newtonsoftware.com
  • *.typekit.net
  • *.visitingmedia.com
  • *.vintools.co
  • *.quickbooks.intuit.com
  • *.referralcandy.com
  • *.yotpo.com
  • *.premiercellar.com
  • *.fortsystems.com
  • *.eztexting.com
  • *.jivochat.com
  • *.vinovisit.com
  • *.linkedin.com
  • *.docusign.com
  • *.jebbit.com
  • *.communitybenchmark.com
  • *.winepulse.com
  • *.netbookings.com.au
  • *.sumo.com
  • *.vivino.com
  • *.gowinecub.com
  • *.winering.com
  • *.readytoship.com.au
  • *.eway.ca
  • *.vintrace.com
  • *.nowbookit.com
  • *.auspost.com.au (i.e. Parcel Send)
  • *.createsend.com
  • *.campaignmonitor.com
  • *.simpletix.com
  • *.brownrice.com
  • *.instagram.com
  • *.tripleseat.com
  • *.jotform.com
  • *.cloudbeds.com
  • *.zoho.com
  • *.curator.io
  • *.booking.resdiary.com
  • *.eway.com

Important: If you are using third-party domains not on the above list, please submit your request to security@winedirect.com to get them on our safe list and ensure your website content continues to display as expected.

* Asterisks denote wildcards that account for any subdomains. For example, certain wineries would have domains like winery123.filesusr.com and winery456.filesusr.com, so the *.filesusr.com entry above allows all subdomains of filesusr.com.
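
To check a site's embed URLs against the list before requesting an addition, the sketch below applies the wildcard rule described above. It is an added example, not WineDirect's code. It assumes the entries are used verbatim as CSP host-sources, where `*.example.com` covers subdomains but not `example.com` itself and an entry without a wildcard must match the host exactly. The function names, the subset of entries and the sample URLs are constructed for illustration.

```javascript
// Added example. ALLOW_LIST is a constructed subset of the entries listed on this page.
const ALLOW_LIST = [
  "instagram.com", "*.instagram.com", "*.filesusr.com",
  "*.youtube.com", "youtube-nocookie.com", "player.vimeo.com",
];

// CSP host-source matching for the host part:
//   "*.example.com" matches subdomains at any depth, never "example.com" itself;
//   an entry without a wildcard must equal the host exactly (case-insensitive).
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (p.startsWith("*.")) {
    // Keep the leading dot so "notfilesusr.com" cannot match "*.filesusr.com".
    return h.endsWith(p.slice(1));
  }
  return h === p;
}

// Returns the entry that covers the embed URL, or null if none does.
function findAllowEntry(embedUrl, allowList = ALLOW_LIST) {
  let url;
  try {
    url = new URL(embedUrl);
  } catch {
    return null; // not an absolute URL
  }
  // Only http(s) embeds are considered in this sketch.
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return allowList.find((entry) => hostMatches(entry, url.hostname)) ?? null;
}

// Hosts from a page's embed URLs that would need an allow-list request.
function uncoveredHosts(embedUrls, allowList = ALLOW_LIST) {
  const hosts = embedUrls
    .filter((u) => findAllowEntry(u, allowList) === null)
    .map((u) => { try { return new URL(u).hostname; } catch { return u; } });
  return [...new Set(hosts)];
}

// Constructed sample embed URLs (paths are placeholders).
const sample = [
  "https://winery123.filesusr.com/html/widget.html",
  "https://www.youtube.com/embed/VIDEO_ID",
  "https://youtube.com/embed/VIDEO_ID",
  "https://www.youtube-nocookie.com/embed/VIDEO_ID",
  "https://notfilesusr.com/frame.html",
];
console.log(uncoveredHosts(sample));
```

Under these assumptions a bare domain and its subdomains are separate cases, so an embed on `youtube.com` is not covered by `*.youtube.com`, and one on `www.youtube-nocookie.com` is not covered by `youtube-nocookie.com`.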

