Restrict Conversation Agent Widget to Admin-Approved URLs
Luc Poirier
Hi HighLevel team and community!
Currently, Conversation Agent widgets can be 'stolen' and embedded anywhere without restrictions, creating a major security gap. I suspect one of my client's chatbots was hijacked—conversations appearing have zero relation to their business, but I can't check which URL the widget was used on.
Why does this matter? Admins need to whitelist specific URLs (e.g., only client.com pages) to prevent unauthorized use and track abuse. This is a critical security flaw that could expose sensitive data.
Has anyone experienced this? Vote if you agree—let's secure our widgets!
#GHL #ConversationAI #Security #Widgets #FeatureRequest
Eddy CEO WhatSnap.ai - Connect YOUR phone to GHL
Wait, there's really no way to see which URLs are using your widget? That's a pretty basic security feature. We've been lucky so far but this makes me nervous about our client deployments.
Luc Poirier
Eddy CEO WhatSnap.ai - Connect YOUR phone to GHL, no, so far I have not found this feature. In addition, the chatbot widget code can be easily found on our customer pages and installed on other sites. So it's not secure at all.
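
One way a widget backend could enforce the URL allowlist requested in this thread and record which sites embed the widget, as an added example that is not part of the thread and not HighLevel's code. `ALLOWED_HOSTS`, `checkEmbedOrigin` and `summarizeEmbeds` are hypothetical names, and the header values are constructed.

```javascript
// Added example: hypothetical server-side check for a chat-widget backend.
// None of these names are HighLevel APIs; they are assumptions for illustration.
const ALLOWED_HOSTS = new Set(["client.com", "www.client.com"]);

// Evaluates the Origin (or Referer) header value the browser sends when the
// widget loads or posts a message. Returns { allowed, host, reason }.
function checkEmbedOrigin(headerValue, allowedHosts = ALLOWED_HOSTS) {
  if (!headerValue || headerValue === "null") {
    return { allowed: false, host: null, reason: "missing-origin" };
  }
  let url;
  try {
    url = new URL(headerValue);
  } catch (err) {
    return { allowed: false, host: null, reason: "unparseable-origin" };
  }
  const host = url.hostname.toLowerCase();
  if (url.protocol !== "https:") {
    return { allowed: false, host, reason: "not-https" };
  }
  // Exact hostname match: substring or endsWith checks would accept
  // look-alikes such as client.com.example.net or notclient.com.
  if (!allowedHosts.has(host)) {
    return { allowed: false, host, reason: "host-not-allowlisted" };
  }
  return { allowed: true, host, reason: "ok" };
}

// Tallies accepted and rejected requests per embedding host, so an admin can
// see where the widget is actually being loaded from.
function summarizeEmbeds(headerValues) {
  const seen = new Map();
  for (const value of headerValues) {
    const { allowed, host } = checkEmbedOrigin(value);
    const key = host === null ? "(none)" : host;
    if (!seen.has(key)) seen.set(key, { allowed: 0, rejected: 0 });
    seen.get(key)[allowed ? "allowed" : "rejected"] += 1;
  }
  return seen;
}

// Constructed sample header values, not real traffic.
const sample = [
  "https://client.com", "https://www.client.com/pricing", "http://client.com",
  "https://client.com.example.net", "https://unrelated.example", "null",
];
console.log(summarizeEmbeds(sample));
```

Browsers set the `Origin` header themselves and page scripts cannot override it, so this check stops the widget from working when pasted into another site; a non-browser client can send any header value, so the per-host tally is an abuse signal rather than proof of where a request came from.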