Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

CDK Domains Reference

This document provides a comprehensive list of all domains used by the k-ID Compliance Development Kit (CDK). If you are employing allowlisting in your security strategy, these domains should be included to ensure the CDK functions properly.

Domain Categories

The CDK utilizes various third-party services for different verification methods. Below is a breakdown of domains organized by their purpose:

CategoryDomainPurpose
AgeKey Verification*.agekey.orgSecure age proof stored on a device, used anywhere without sharing personal info.
Facial Age Estimation*.privately.swissPrivacy-preserving facial analysis services
*.faceassure.comFace verification and age estimation
cdn.jsdelivr.netJavaScript libraries and dependencies
fonts.cdnfonts.comCustom font resources
ID Document Verification*.dcams.appDocument capture and verification services
dcamsclientlogos.s3.us-east-2.amazonaws.comClient branding assets
ConnectID Verification*.connectid.com.auAustralian-owned digital identity solution
Credit Card Verification*.stripe.comPayment processing and card verification
General Verification Pagesfonts.googleapis.comGoogle Fonts
*.gstatic.comGoogle static content delivery
*.k-id.comCore k-ID services and widgets

Implementation Notes

Wildcard Domains

Several domains use wildcards (*) to accommodate subdomains. Make sure your allowlisting implementation properly supports wildcard matching.

Environment Considerations

  • Test Environment: All domains listed are required for both test and production environments
  • Regional Variations: Some services may use region-specific subdomains

Troubleshooting

If you experience issues with CDK widgets:

  1. Check browser developer tools for Content Security Policy (CSP) violations
  2. Ensure all wildcard domains are properly configured
  3. Verify that your CSP syntax is correct
  4. Test in different browsers to ensure compatibility

Security Considerations

warning

Domain allowlisting is just one approach to securing your application when integrating third-party widgets and services. Modern web security involves multiple layers and strategies. We recommend reviewing the latest security best practices and determining the most appropriate security model for your specific use case and threat model.

While these domains are necessary for CDK functionality when using a domain allowlisting approach, always:

  • Regularly review and update your allowlisting configuration
  • Monitor for any unauthorized domain requests
  • Keep your CSP as restrictive as possible while maintaining functionality
  • Test thoroughly after any CSP changes

Additional Resources

For more information about implementing k-ID widgets and CSP configuration: