To ensure sessions with your Digital Human can only be started from domains you control, please contact your Customer Success representative or email firstname.lastname@example.org to let us know the domains where you will be embedding your Digital Human. We will ensure these domains are whitelisted so that your Digital Human can’t be used without your consent.
For example, if you are inserting the code snippet into a webpage with the URL https://your-domain.com/example/, then you must have the domain https://your-domain.com whitelisted.
To ensure the security of your conversation, it will not be possible to start a session with your digital human outside of https://your-domain.com
If no domain white listing is provided, it will be possible for a malicious user to deploy your digital human on their own website.
If you have a content security policy, you'll need to add Referrer-Policy strict-origin-when-cross-origin. This allows your website to pass the page referrer into the UneeQ frame for validation.