When configuring the allowlist in Vector’s Settings, follow these guidelines:
To allow a specific subdomain, add the full domain using dot notation:
Example: www.vector.com → This allows only www.vector.com.
To allow all subdomains under a primary domain, use a wildcard (*):
Example: *.vector.com → This allows app.vector.com, portal.vector.com, blog.vector.com, and any other subdomain under vector.com.
To allow the entire root domain, you must explicitly add the root:
Example: vector.com → This allows vector.com but does not automatically include subdomains.
✅ Use wildcard notation (*) when you want to enable access across all subdomains. ✅ Ensure that your allowlist includes all necessary domains where Vector should be accessible.
✅ Regularly review and update your allowlist to remove outdated or unnecessary domains.
The Denylist explicitly blocks certain domains from accessing the Vector pixel. Even if a domain is in the allowlist, adding it to the denylist will override the allowlist and block access.
To block a specific subdomain, add it explicitly:
Example: malicious.vector.com → Blocks only malicious.vector.com.
To block all subdomains under a domain, use a wildcard:
Example: *.badsite.com → Blocks any subdomain under badsite.com.
To block an entire domain, simply enter the root domain:
Example: badsite.com → Blocks badsite.com and any subdomain under it.
❌ Denylist overrides the Allowlist—use it to block known threats or unauthorized domains.
❌ Avoid over-restricting unless necessary, as this may inadvertently block legitimate users.
❌ Regularly review your denylist to remove false positives and ensure security.
Navigate to Vector Platform → Settings → Domain Verification.
Locate the Allowlist & Denylist section.
Add, modify, or remove domains using dot notation (.) and wildcard (*) rules.
Save changes and verify domain access.