
Third Party Domains

As part of WineDirect's ongoing commitment to security management, we restrict unapproved third party domains that can be used for embedding a page using <frame>, <iframe>, <object>, <embed>, or <applet>.

A few examples are:

  • Embedding a video frame (YouTube, Vimeo, etc.)
  • Embedding a chatbot frame
  • Embedding a sales traffic analysis frame

This is done by following the security best practice of employing the HTTP Content-Security-Policy (CSP) frame-ancestors directive. This directive allows modern browsers to prevent the loading of disallowed third-party domains as embedded page content. Such a protection mechanism is a PCI Compliance requirement.

If your site will be embedding any third party content domain, please check the list below to see if the domain is already allowed. If you are using third party domains not on this list, please submit your request to security@winedirect.com to get them on our safe list and ensure your website content continues to display as expected.

Recognized list of third party domains:

 

  • book.peek.com
  • instagram.com
  • weatherwidget.io
  • js.stripe.com
  • googletagmanager.com
  • photos.pixlee.com
  • c.sharethis.mgr.consensu.org
  • av.ageverify.co
  • *.filesusr.com
  • assetss3.vin65.com
  • js.driftt.com
  • *.youtube.com
  • *.wix.com
  • instaembedder.com
  • digioh.blob.core.windows.net
  • dotcal.com
  • consentcdn.cookiebot.com
  • sb.monetate.net
  • *.twitter.com
  • static.parastorage.com
  • *.ryzeo.com
  • youtube-nocookie.com
  • tableagent.com
  • editmysite.com
  • vars.hotjar.com
  • snapwidget.com
  • fareharbor.com
  • platform.vinespring.com
  • apps.wixrestaurants.com
  • td.yieldify.com
  • *.rfihub.com
  • opentable.com
  • *.optimizely.com
  • widgets.resy.com
  • loadbalancer.visitor-analytics.io
  • booking.mangomint.com
  • vinoshipper.com
  • *.kampyle.com
  • foleywineclub.co.nz
  • *.wixapps.net
  • gum.criteo.com
  • mymobileapp.online
  • iplayerhd.com
  • live2.brownrice.com
  • paypalobjects.com
  • cdn.krxd.net
  • px.owneriq.net
  • my.matterport.com
  • yelp.com
  • *.rlets.com
  • onelineplayer.com
  • insight.adsrvr.org
  • webform-console.pernod-ricard.io
  • *.ubembed.com
  • adservices.brandcdn.com
  • app.squarespacescheduling.com
  • chat.broadly.com
  • *.appspot.com
  • embedsocial.com
  • player.vimeo.com
  • instansive.com
  • *.rezdy.com
  • t.sharethis.com
  • secure.livechatinc.com
  • *.facebook.com
  • *.google.com
  • s7.addthis.com
  • Tock (*.exploretock.com)
  • *.grappos.com
  • *.lpages.co
  • fecdn.user1st.info
  • *.lightwidget.com
  • *.youcanbook.me
  • formcrafts.com
  • *.doubleclick.net
  • *.purechat.com
  • *.issuu.com
  • *.tawk.to
  • *.appointy.com
  • *.bubbleapps.io
  • *.stripe.com
  • *.helpscout.net
  • *.typekit.net
  • *.fullstory.com
  • *.cellarpass.com
  • *.elfsight.com
  • *.userway.org
  • *.mangomint.com
  • *.duda.co
  • *.multiscreensite.com
  • *.acuityscheduling.com
  • *.flipsnack.com
  • *.bokun.io
  • *.eventbrite.co.nz
  • *.small.chat
  • *.cincopa.com
  • *.kazzit.com
  • *.gowinecub.com
  • *.mailmunch.co
  • *.mailmunch.com
  • *.thefork.com.au
  • *.youriguide.com
  • *.virtualbctours.com
  • *.mailchimp.com
  • *.olark.com
  • *.jotform.com
  • *.acsbapp.com
  • *.godaddy.com
  • *.google-analytics.com
  • *.facebook.net
  • *.accessibe.com
  • *.bing.com
  • *.clickdimensions.com
  • *.donationx.org
  • *.googleapis.com
  • *.hello.myfonts.net
  • *.monetate.net
  • *.newrelic.com
  • *.newtonsoftware.com
  • *.visitingmedia.com
  • *.vintools.co
  • *.quickbooks.intuit.com
  • *.referralcandy.com
  • *.yotpo.com
  • *.premiercellar.com
  • *.fortsystems.com
  • *.eztexting.com
  • *.jivochat.com
  • *.vinovisit.com
  • *.linkedin.com
  • *.docusign.com
  • *.jebbit.com
  • *.communitybenchmark.com
  • *.winepulse.com
  • *.netbookings.com.au
  • *.sumo.com
  • *.vivino.com
  • *.winering.com
  • *.readytoship.com.au
  • *.eway.ca
  • *.vintrace.com
  • *.nowbookit.com
  • *.auspost.com.au (i.e. Parcel Send)
  • *.createsend.com
  • *.campaignmonitor.com
  • *.simpletix.com
  • *.brownrice.com
  • *.instagram.com
  • *.tripleseat.com
  • *.cloudbeds.com
  • *.zoho.com
  • *.curator.io
  • *.booking.resdiary.com
  • *.eway.com

Important: If you are using third party domains not on the above list, please submit your request to security@winedirect.com to get them on our safe list and ensure your website content continues to display as expected.

* Asterisks denote wildcards that account for any subdomains. For example, certain wineries have their own subdomains, such as winery123.filesusr.com and winery456.filesusr.com, so the *.filesusr.com entry above allows all subdomains of filesusr.com.
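
The following is an added example, not WineDirect's own code: a Node.js pre-check that lists which embedded hosts on a page are not covered by the safe list before you email a request. It assumes the list entries are applied as CSP host-sources, where a wildcard entry covers subdomains but not the bare domain. ALLOWED is a short excerpt of the list above, and the sample HTML, page URL and function names are constructed for illustration.

```javascript
// Excerpt of the safe list above (extend with the full list as needed).
const ALLOWED = ['*.youtube.com', 'youtube-nocookie.com', 'player.vimeo.com', '*.filesusr.com'];

// CSP host-source matching: "*.example.com" covers any subdomain but NOT
// "example.com" itself; an entry without "*" must equal the host exactly.
function hostAllowed(host, allowed = ALLOWED) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return allowed.some((entry) => {
    const e = entry.toLowerCase();
    if (e.startsWith('*.')) {
      const suffix = e.slice(1); // ".example.com"
      return h.length > suffix.length && h.endsWith(suffix);
    }
    return h === e;
  });
}

// Collect the host of every <iframe>/<frame>/<embed> src and <object> data URL.
function embedHosts(html, pageUrl) {
  const re = /<(?:iframe|frame|embed|object)\b[^>]*?\s(?:src|data)\s*=\s*["']([^"']+)["']/gi;
  const hosts = [];
  for (const m of html.matchAll(re)) {
    try {
      hosts.push(new URL(m[1], pageUrl).hostname); // resolves relative URLs
    } catch {
      // not a parsable URL; nothing to check
    }
  }
  return hosts;
}

// Hosts that are neither the site's own host nor covered by the safe list.
function unapprovedEmbeds(html, pageUrl, allowed = ALLOWED) {
  const self = new URL(pageUrl).hostname;
  return [...new Set(embedHosts(html, pageUrl))]
    .filter((h) => h !== self && !hostAllowed(h, allowed));
}

// Constructed sample page for a hypothetical winery site.
const sampleHtml = `
<iframe src="https://www.youtube.com/embed/abc123"></iframe>
<iframe src="https://youtube.com/embed/abc123"></iframe>
<iframe src="https://winery123.filesusr.com/html/tasting.html"></iframe>
<embed src="https://widgets.example-chat.test/frame">
<object data="/local/menu.pdf"></object>`;

console.log(unapprovedEmbeds(sampleHtml, 'https://winery.example/visit'));
```

In the sample, the embed that uses the bare youtube.com host is reported because only the wildcard and youtube-nocookie.com entries exist in the excerpt; pointing the embed at www.youtube.com resolves it without a safe-list request.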