The Embedded Flow boots an iframe that loads Trust Swiftly. If you'd like to restrict the allowed domains that are allowed to boot the Embedded Flow, you can configure allowed domains in the Developer page within the Trust Swiftly dashboard.