We noticed that JavaScript is disabled in your browser. We suggest enabling it for a better experience.
We noticed you're using an older version of Internet Explorer. We suggest you update to the latest version for a better experience.
Skip to main content

Restrict forms to particular domains

This is an account owner task.


By default, when you start using OpenForms, your forms can be embedded on any website. This can be useful as your organization undertakes a digital transformation and your forms are added to various new sites. 

However, once you've completed this process, it's a good idea to restrict forms to only those domains used by your organization. This prevents external sites from embedding your forms, potentially with malicious intent.

To restrict your forms to particular domains, 

  1. Go to Account > Security
  2. Select Restrict the websites that forms can be embedded on.
  3. Enter the domains you'd like to whitelist in the field provided.
    web list.png
    Entering a URL will whitelist any pages within that domain.

    For example, there's no need to whitelist "www.pointrussell.com/library" if you've already entered "www.pointrussell.com".

    You can also use asterixes to whitelist domains with multiple prefixes.

    For example, "*.pointrussell.com" will whitelist "www.pointrussell.com" as well as "library.pointrussell.com".
  4. Save your changes.

When you apply this setting, any form that is hosted at a domain that you have not whitelisted will stop working.

Was this helpful?