Please correct the errors below.

Embed allowlists

In order to embed one of your slices in a website, you need to add your website to your allowlist.

Allowlists are a security measure. Without allowlists, anybody with a bit of HTML knowledge could copy your embed codes into their own website — stealing your content (and possibly costing you some money in Soundslice fees).

To edit your allowlist:

1. Go to the Edit embed allowlist page, accessible via your account settings.

2. Enter the domain(s) your website uses, one per line. Examples of domains are:


Note these do not include http:// or https:// nor any slashes. It’s only the domain.

Also note that and are treated as two separate domains. Make sure to include both, if appropriate.

As soon as you save your allowlist, the changes take effect immediately.

What happens if my slice is embedded on a domain that’s not on the allowlist?

The slice won’t display. The user will see an error message saying the current domain isn’t on your allowlist. You will not get charged for this user/view.

What if I don’t know my site’s domain?

This can happen if you’re using a third-party tool or publishing system. No problem! Just copy the embed code into your site and try to view it in your site. You’ll see the error message, and it will tell you exactly which domain to add to your allowlist.

I’m using a publishing system and the Soundslice embed is failing the allowlist check while “previewing” or “editing” my page. Is there a way around this?

Odds are that your publishing system is publishing to a temporary URL when generating its preview. Try to find out what that temporary URL is, and add that domain to your allowlist.

If you can’t figure out what domain it is, it might be the case that your publishing system’s preview system isn’t compatible with our allowlist system (because it doesn’t send a Referrer header). Unfortunately there’s nothing you can do in this situation; you’ll have to live without Soundslice previews inside your publishing system.

I’m a developer. What domain should I use if my website code is running locally machine?

Feel free to add and/or localhost to your allowlist as appropriate.

Can I use wildcards in the allowlist?

No, we don’t support wildcards such as * You’ll need to add each subdomain individually.

How does the allowlist work from within a native app?

It’s slightly complicated but doable. See here for details.


If you’ve set up your allowlist but your embeds are displaying the error “Failed embed allowlist check,” here are some things to check:

1. Make sure the domain in your allowlist exactly matches the domain of your web page. One common hangup is that and are two different domains, so make sure the appropriate subdomain is in your allowlist.

2. Make sure the embed URL ends with a slash.

Bad: <iframe src="">

Good: <iframe src="">

If you leave off the trailing slash, our site will automatically do a 302 redirect to the version with the slash, and the redirect means your site will no longer send the referrer header — meaning your embed will fail the allowlist check.

3. Make sure your site is configured to send the referrer header.

Check whether your site is sending the Referrer-Policy HTTP header. If so, then make sure your policy allows sending of referrers across domains. The following values for the header will all work:

  • Referrer-policy: no-referrer-when-downgrade
  • Referrer-policy: origin
  • Referrer-policy: origin-when-cross-origin
  • Referrer-policy: strict-origin
  • Referrer-policy: strict-origin-when-cross-origin
  • Referrer-policy: unsafe-url
  • Or just remove the Referrer-policy header entirely