Use this page to specify which HTTPS URIs can be navigated to by an iframe in your app and which HTTPS URIs, when loaded ...

Use this page to specify which HTTPS URIs can be navigated to by an iframe in your app and which HTTPS URIs, when loaded in a WebView, can use window.external.notify to send a ScriptNotify event to the app. (These settings do not affect iframe elements contained within a WebView control.) HTTPS URIs can include wildcard characters in subdomain names (for example https://*.microsoft.com or https://*.*.microsoft.com).