.png)
.png "Michael")
You can control where your widget loads and guarantee the identity of your logged-in visitors. Go to Settings → Inboxes → (Website inbox) → Configuration.
Allowed domains
List the allowed domains that can load the widget. The widget will refuse to show elsewhere — useful to prevent it being copied onto another site.
Identity validation (HMAC)
If you identify your visitors (customers logged into your site), enable identity validation. You sign the visitor's identifier with your HMAC secret key (shown here): Madyis Hub then verifies that one visitor can't impersonate another.
Good to know: identity validation is recommended as soon as the widget is used by logged-in users (customer area, app).