Use Approved Domains List to increase experience program security by configuring the domains that are allowed to run the Medallia Digital JavaScript embed code. By specifying an allow list you prevent usage of Digital surveys on any unauthorized domains.

Once enabled, a Digital user with the Administrator role can use the Approved Domains screen under Configuration.

The default state is All domains which means that the embed code can be used on any domain.

To create an allow list select the Predefined Domains option. The list of domain names becomes editable and you must add at least one domain where the embed code is allowed to execute. For example www.company.com without the https:// prefix.

In cases where the site supports both www.company.com and company.com as URLs then both need to be added to the allow list. Use of wildcards is allowed, for example *.mybrand.com allows all subdomains under the mybrand.com top level domain.

In order for the changes to take effect click Save. Once completed, the embed code is checked against this list. If the domain attempting to execute the code is not validated then the Digital survey is not displayed.

For HH/DHH customers a package deployment is required after:

• Domain name edit
• Domain name deletion

In case all domain names have been deleted it necessary to actively select the All Domains option before saving.

Legacy invitations do not validate against the approved domain list.