Restrict your form to only accept submissions from your own domain, so it can’t be embedded or abused from unauthorized websites.
By default, any website can submit to your form endpoint. Domain restriction lets you lock it down to only your own domain(s), adding an extra layer of protection against misuse.
This is available on the Paid plan.
Setting Up Domain Restrictions
Follow these steps to restrict your form to only accept submissions from domains you trust.
Go to Security Settings
Open your form’s Settings page, then navigate to the Security section. Add Your Allowed Domains
In the Domain Restrictions field, enter the domains or subdomains you want to allow, separated by commas.example.com, blog.example.com, app.example.com
Save Your Changes
Once saved, PipedForm will only accept submissions coming from the domains or subdomains listed. Requests from any other domain will be rejected.
Test Your Form
Submit a test entry from your website to make sure the submission goes through successfully. If you’ve entered the domain incorrectly, or your form is embedded on a different domain, the submission will be blocked.
Notes:
- Each entry must be a valid domain or subdomain (e.g.
example.com or app.example.com).
- Leave this field empty to accept submissions from any domain.
- If you’re testing locally or from a different environment, make sure to add that domain temporarily, or your test submissions will be rejected.