Whitelist / Blacklist Domains
Domain Filtering
Domain whitelisting and blacklisting help protect your RPC endpoints from abuse, especially in public-facing web applications. When used properly, this feature prevents unauthorized use of your API key from unknown browser origins or embedded third-party scripts.
It’s also an effective first layer of defense against:
- DDoS attempts launched via web clients
- Malicious iframe embedding
- Leaked API key exploitation in frontend code
When domain filtering is active, the request origin is compared against your allowlist and blocklist settings before processing.
Management
From your dashboard, you can manage both whitelists and blacklists per key or per project.
- Whitelisted domains – Only allow traffic from the domains you specify
- Blacklisted domains – Explicitly block listed domains, regardless of other settings
If both lists are used, the blacklist takes priority. For example, if a domain appears in both, it will be blocked.
You can add domains using the following formats:
example.comapp.example.com
You may include up to 10 domains per list (whitelist and blacklist). If you require extensive domain management, feel free to contact us for assistance or scaling options.
Updated about 1 month ago