Security

GitHub (opens in a new tab)

Getting Started
PixFace IFrame
Redirect Mode
PixFace SDK
How to use the API
Webhooks
UX Tips
SDK Methods
Configuration Options
Security
- Liveness Detection
- Full KYC Verification

On this page

Security

(opens in a new tab)

English

Security

Security

The host validates event.origin against allowedPostMessageOrigins/kycFrontOrigin.
The iframe is created with allow="camera; geolocation; microphone; clipboard-write; fullscreen" and referrerpolicy="origin".

Configuration Options Liveness Detection

©2025 PixtoPay