close

Welcome to Playflick


Playflick is now live — a new space to discover, watch, share, and enjoy videos. Create your account, explore fresh content, follow creators, and start building your own watch experience today.

Domain Whitelisting, Referrer & Embed Security Policy

Effective Date: 2026

Last Updated: 2026

This Domain Whitelisting, Referrer & Embed Security Policy explains how Playflick may use domain whitelisting, allowed-domain lists, referrer checks, iframe controls, embed restrictions, hotlink protection, token checks, anti-abuse systems, domain verification, and related security measures for embedded players, widgets, APIs, developer tools, and off-platform playback on Playflick.com, operated by Playflick™ Media .ltd.

This policy should be read together with our Terms of Service, Privacy Policy, Embeds, Widgets & Off-Platform Playback Policy, Embed Policy, API & Developer Terms, Security Policy & Responsible Disclosure, Third-Party Services Policy, Content Licensing & Distribution Policy, and Account Suspension & Termination Policy.

1. Who We Are

Operator: Playflick™ Media .ltd

Website: https://playflick.com

Business Address:
41 Norman Avenue
London
N22 5ES
United Kingdom

Embed Security Support Email: hello@playflick.com
Contact Page: https://playflick.com/contact-us

2. Purpose of This Policy

Domain whitelisting, referrer checks, and embed security controls help Playflick protect content, users, creators, rights holders, advertisers, developers, and the platform from unauthorised playback, scraping, hotlinking, piracy, fraud, malware, impersonation, and other misuse.

This policy explains:

  • How domain whitelisting and allowed-domain controls may work
  • How referrer and origin checks may be used
  • Why embedded players or widgets may fail on some websites
  • What security restrictions may apply to embeds and APIs
  • What bypassing embed security controls is prohibited
  • How users may report embed security or domain access issues

3. Feature Availability

Domain whitelisting, referrer checks, origin checks, iframe security controls, hotlink protection, domain verification, signed embed links, token checks, access restrictions, and related embed security features may not be available to every user, creator, developer, country, account type, content type, website, device, browser, or app version.

Playflick may add, remove, restrict, redesign, suspend, or discontinue domain whitelisting, referrer, and embed security features at any time.

4. Domain Whitelisting

Playflick may allow creators, rights holders, businesses, developers, or partners to restrict embeds or widgets to approved domains where features are available.

Domain whitelisting may be used to:

  • Limit where content can be embedded
  • Protect paid or licensed content
  • Prevent unauthorised third-party playback
  • Reduce piracy and hotlinking
  • Protect brand and creator reputation
  • Support partner or distributor agreements
  • Reduce spam, scams, and malware contexts

5. Allowed Domains

Allowed-domain settings may specify which domains can display embedded Playflick content or widgets.

Allowed-domain settings may include:

  • Root domains
  • Subdomains
  • Partner domains
  • Creator websites
  • Publisher websites
  • Event websites
  • Business or studio websites
  • Developer app domains where supported

Users should enter domain settings carefully because incorrect domain settings may block legitimate embeds or allow unintended access.

6. Domain Verification

Playflick may require domain verification before allowing certain embed, widget, API, or off-platform playback features.

Domain verification may require:

  • Adding a verification file
  • Adding a DNS record
  • Adding a meta tag
  • Confirming through a developer dashboard
  • Using an approved email domain
  • Completing business verification
  • Providing rights holder or partner confirmation

7. Referrer and Origin Checks

Playflick may use referrer headers, origin headers, domain information, request metadata, tokens, or similar signals to help decide whether an embed, widget, API request, or off-platform playback request should be allowed.

Referrer and origin information may be incomplete, blocked, modified, unavailable, or affected by browser settings, privacy tools, security tools, proxies, apps, or third-party website configurations.

8. Embed Blocking

Playflick may block or restrict embeds where domain, referrer, origin, security, access, rights, payment, safety, or policy checks fail.

Embeds may fail because of:

  • Domain not whitelisted
  • Incorrect domain settings
  • Missing referrer information
  • Blocked third-party cookies or storage
  • Expired embed token
  • Content rights restrictions
  • Payment or subscription requirements
  • Security or fraud review

9. Hotlink Protection

Playflick may use hotlink protection to prevent unauthorised use of video files, images, thumbnails, artwork, subtitles, captions, audio tracks, or other media assets outside approved Playflick players or systems.

Users must not bypass hotlink protection or directly link to protected media files without permission.

10. Iframe and Player Security

Embedded players may use iframe security features, sandboxing, content security policies, permissions policies, token checks, or other controls to protect users and content.

Users must not tamper with player security, remove required restrictions, hide controls, inject code into players, or create fake players that imitate Playflick.

11. Signed Links and Tokens

Playflick may use signed links, temporary tokens, session tokens, access tokens, playback tokens, API keys, or other security credentials for embeds and widgets where features are available.

Users must keep tokens, API keys, private keys, and secrets secure.

Users must not share, sell, leak, reuse, scrape, forge, or reverse engineer security tokens.

12. API and Developer Security

Developers using Playflick APIs, widgets, SDKs, or embed tools must follow Playflick’s API & Developer Terms, security documentation, rate limits, authentication requirements, privacy rules, branding rules, and access restrictions.

Developers must not:

  • Expose private keys
  • Bypass rate limits
  • Forge referrers
  • Scrape protected data
  • Bypass playback restrictions
  • Misrepresent user consent
  • Build fake Playflick login or payment flows

13. Referrer Spoofing and Circumvention

Users must not spoof, forge, hide, manipulate, or falsify referrer, origin, domain, token, session, or access information to bypass Playflick restrictions.

Circumvention attempts may result in blocked embeds, revoked access, restricted API keys, account restrictions, or other enforcement action.

14. Paid Content and Domain Controls

Paid content, rentals, purchases, subscriptions, memberships, creator courses, ticketed events, and premium content may have stricter domain, referrer, playback, and security restrictions.

Domain whitelisting does not override payment, subscription, rental, ticket, age, region, rights, or account requirements.

Users must not use domain settings or embeds to bypass paid access.

15. Rights Holder and Distributor Restrictions

Rights holders, studios, distributors, creators, or partners may require certain content to be embedded only on approved domains or not embedded at all.

Playflick may apply restrictions based on:

  • Territory rights
  • Distribution agreements
  • Windowing rules
  • Promotional agreements
  • Anti-piracy requirements
  • Brand safety requirements
  • Content rating requirements
  • Contractual obligations

16. Unsafe or Prohibited Domains

Playflick may block embeds or widgets on domains that create safety, rights, legal, fraud, malware, phishing, piracy, hate, harassment, child-safety, or platform integrity concerns.

Playflick may restrict domains that:

  • Host malware or phishing
  • Promote piracy
  • Impersonate Playflick
  • Mislead users about payment or access
  • Target children unsafely
  • Harass or abuse people
  • Violate rights or legal requirements
  • Manipulate ads, traffic, or analytics

17. Analytics and Referrer Data

Playflick may process referrer, domain, playback, interaction, device, browser, and technical information to operate embeds and protect platform integrity.

This information may be used for:

  • Playback delivery
  • Embed analytics
  • Fraud detection
  • Hotlink prevention
  • Rights enforcement
  • Security review
  • Developer support
  • Service improvement

More information is available in our Privacy Policy and Cookie Policy.

18. Third-Party Website Responsibility

Website owners who embed Playflick content are responsible for their own websites, privacy notices, cookie notices, accessibility, security, moderation, advertising, and compliance with applicable law.

Embedding Playflick content does not make Playflick responsible for the third-party website.

19. Security Testing and Responsible Disclosure

Users must not test, scan, probe, exploit, or attack Playflick embed systems, APIs, player security, or access controls except as permitted by Playflick’s Security Policy & Responsible Disclosure.

Security researchers should follow Playflick’s responsible disclosure process and avoid harming users, creators, data, content, or platform operations.

20. Child Safety

Domain whitelisting, embeds, widgets, off-platform playback, and referrer controls must not be used to exploit, sexualise, identify, harass, groom, manipulate, or endanger children or young users.

Playflick may block embeds on domains or pages that expose children to inappropriate, unsafe, exploitative, deceptive, or harmful material.

Serious child-safety concerns may result in immediate account action and reporting where appropriate or required.

21. Reports and Support

Users, creators, rights holders, publishers, developers, parents, guardians, or viewers may contact Playflick about domain whitelisting problems, referrer issues, embed security problems, blocked embeds, fake players, hotlinking, domain abuse, payment bypass concerns, or child-safety concerns.

Contact:

Email: hello@playflick.com
Contact Page: https://playflick.com/contact-us

Please include:

  • The domain, embed, widget, player, API integration, content, account, or URL involved
  • A clear explanation of the issue
  • Any screenshots, timestamps, error messages, domain settings, request details, or supporting context
  • Whether the issue involves child safety, payment bypass, rights, privacy, phishing, malware, or legal concerns

Do not send passwords, full payment card numbers, API secrets, private keys, parental PINs, or one-time login codes.

22. Enforcement

Playflick may take action where domain whitelisting, referrer checks, embed security, hotlink protection, API integrations, off-platform playback, or related features are abused or affected by policy violations.

Enforcement may include:

  • Blocking domains
  • Removing domains from allowlists
  • Disabling embeds
  • Restricting widgets
  • Revoking tokens or API keys
  • Restricting developer access
  • Restricting off-platform playback
  • Restricting accounts involved in embed security abuse
  • Removing content where safety or rights concerns apply
  • Suspending or terminating accounts for serious or repeated abuse
  • Preserving records for legal, safety, fraud, rights, payment, developer, or moderation reasons

23. Appeals and Review Requests

If your domain, allowlist setting, embed, widget, token, API access, off-platform playback, account, or related feature was removed or restricted and you believe Playflick made a mistake, you may request a review under our Appeals Policy where available.

Contact:

Email: hello@playflick.com

Please include:

  • Your account email where relevant
  • The domain, embed, widget, token, API integration, content, account, or feature involved
  • The decision you are asking Playflick to review
  • Why you believe the decision was incorrect
  • Any supporting screenshots, timestamps, domain details, technical context, or relevant details

Do not send passwords, full payment card numbers, API secrets, private keys, parental PINs, or one-time login codes.

24. Privacy and Data Retention

Playflick may process and retain domain records, allowlist records, referrer records, origin records, embed security records, token records, API integration records, playback records, analytics records, access records, report records, support messages, review records, fraud signals, safety records, payment records, rights records, developer records, and enforcement records.

These records may be retained for platform operation, playback support, account management, developer support, security, child safety, community safety, payment protection, rights protection, legal compliance, moderation, appeals, audits, fraud prevention, safety, and platform integrity.

More information is available in our Privacy Policy, Cookie Policy, Data Retention Policy, and Evidence Preservation Policy.

25. Changes to This Policy

We may update this Domain Whitelisting, Referrer & Embed Security Policy from time to time.

Changes may reflect new domain controls, embed security tools, referrer systems, developer integrations, playback systems, privacy controls, rights controls, legal requirements, safety requirements, or platform updates.

Your continued use of Playflick domain whitelisting, referrer, or embed security features after changes become effective means you agree to the updated policy.

26. Contact Us

For domain whitelisting questions, referrer check issues, embed security concerns, blocked domain reports, developer integration problems, review requests, or policy enquiries, contact:

Playflick™ Media .ltd
41 Norman Avenue
London
N22 5ES
United Kingdom

Embed Security Support Email: hello@playflick.com
Contact Page: https://playflick.com/contact-us
Website: https://playflick.com

27. Footer Notice

© 2026 Playflick™ Media .ltd. All rights reserved.
Playflick™ is a trademark of Playflick™ Media .ltd.