localhostif you wish to test the iframe during development.
http://localhost), and have no path. Wildcards to allow all subdomains under a domain are permitted, for example
https://*.domain.com. If you are using another port than 443 for https, you need to include a line allowing it, for example
?avatarUrl=<url>feature. The domain used for hosting your avatars must be added to the "Allowed domains" list in order for the images to show up.