Within Origins (Settings > Origins), you can specify the domains from which the SDK is allowed to work. This will protect you from identity theft.

If you do not configure any origin, requests to your application from any domain will be accepted.

Note: You only need to add the main domain, without a prefix, and there is no need to add all subdomains, such as
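
One way an origin allowlist with these rules can be checked, as an added example that is not the SDK's own code. `hostFromOrigin` and `isOriginAllowed` are hypothetical names, the domains are constructed sample values, and accepting only `http`/`https` origins is an assumption; the two rules it implements (an empty list accepts every domain, a main domain covers its subdomains) come from the text above.

```javascript
// Added example: a hypothetical allowlist check, not the vendor's implementation.
// Assumption: entries are bare main domains such as "example.com".

function hostFromOrigin(origin) {
  // An Origin value is scheme://host[:port]; anything unparsable is rejected.
  try {
    const url = new URL(origin);
    if (url.protocol !== "https:" && url.protocol !== "http:") return null;
    // Normalise case and a trailing root dot before comparing.
    return url.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null;
  }
}

function isOriginAllowed(origin, allowedDomains) {
  // Stated on the page: with no origins configured, any domain is accepted.
  if (allowedDomains.length === 0) return true;

  const host = hostFromOrigin(origin);
  if (host === null) return false;

  return allowedDomains.some((entry) => {
    const domain = entry.toLowerCase();
    // Exact match, or a subdomain match on a label boundary (leading dot),
    // so "notexample.com" does not pass as a subdomain of "example.com".
    return host === domain || host.endsWith("." + domain);
  });
}

// Constructed sample origins, checked against a single configured main domain.
const configured = ["example.com"];
for (const origin of [
  "https://example.com",
  "https://app.example.com:8443",
  "https://notexample.com",
  "https://example.com.attacker.test",
  "null",
]) {
  console.log(origin, "->", isOriginAllowed(origin, configured));
}
```

The last line of the check is the part worth testing against your own configuration: a plain substring or suffix comparison would accept look-alike domains, and an empty list leaves the application open to every origin.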
