Domain Whitelisting for Web SDK

Learn how to configure domain whitelisting on the CleverTap dashboard.

Overview

Domain Whitelisting is a security feature by CleverTap that ensures only approved domains can send data to your CleverTap account. This helps prevent unauthorized data ingestion, protects against data pollution, and safeguards campaign execution.

By default, the Web SDK accepts events from all domains. When domain whitelisting is enabled, CleverTap checks the source of each Web SDK request. If the domain matches one of the entries in your allowlist, the data is accepted; otherwise, it is rejected. When the feature is disabled (the default setting), data is accepted from all domains without restriction.

๐Ÿ“˜

Note

  • You can add up to 20 domains per account.
  • Only admins can make changes to domain whitelisting. This permission cannot be assigned to custom roles.

Set Up Domain Whitelisting

To set up Domain Whitelisting:

  1. Click Settings, then navigate to Security > Domain Whitelisting.
  2. Click Whitelist Domain.
Domain Whitelisting

Domain Whitelisting

  1. Enter a domain name and a name for identification.
  2. Click Whitelist to add the domain to your allowlist.
Enter Details

Enter Details

  1. Use the toggle switch in the dashboard to enable or disable domain whitelisting.

๐Ÿ“˜

Note

  • Whitelisting only takes effect after at least one domain is added and the toggle is switched on.
  • When domain whitelisting is enabled or disabled, an email is sent to the account admin to notify the change.
Enable Whitelist

Enable Whitelist

  1. You can edit and delete domains from the list at any time.

Domain Name Guidelines

Adhere to the following domain name guidelines when adding domains to your allowlist. The following are valid domain name formats:

  • www.example.com
  • example.com

The following are invalid domain name formats and can not be saved:

  • https://example.com or example.com/path - Do not include protocols (https://) or paths. Use only the root domain (such as example.com).
  • Duplicate or conflicting domains are not allowed (such as, both www.example.com and example.com).