diff --git a/src/components/App.tsx b/src/components/App.tsx
index 4b68fd15e..4c202441d 100644
--- a/src/components/App.tsx
+++ b/src/components/App.tsx
@@ -941,7 +941,7 @@ class App extends React.Component {
 title="Excalidraw Embedded Content"
 allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
 allowFullScreen={true}
- sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation"
+ sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation allow-downloads"
 />
 )}
diff --git a/src/element/embeddable.ts b/src/element/embeddable.ts
index 08988b285..80585bc72 100644
--- a/src/element/embeddable.ts
+++ b/src/element/embeddable.ts
@@ -55,6 +55,7 @@ const ALLOWED_DOMAINS = new Set([
 "link.excalidraw.com",
 "gist.github.com",
 "twitter.com",
+ "*.simplepdf.eu",
 "stackblitz.com",
 "val.town",
 ]);
@@ -274,9 +275,16 @@ const validateHostname = (
 const { hostname } = new URL(url);
 const bareDomain = hostname.replace(/^www\./, "");
+ const bareDomainWithFirstSubdomainWildcarded = bareDomain.replace(
+ /^([^.]+)/,
+ "*",
+ );
 if (allowedHostnames instanceof Set) {
- return ALLOWED_DOMAINS.has(bareDomain);
+ return (
+ ALLOWED_DOMAINS.has(bareDomain) ||
+ ALLOWED_DOMAINS.has(bareDomainWithFirstSubdomainWildcarded)
+ );
 }
 if (bareDomain === allowedHostnames.replace(/^www\./, "")) {
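Review bot: The added `allow-downloads` token on the `sandbox` attribute is granted to every embed rendered through this element, not only to the provider this commit adds, so any page that passes hostname validation can now start file downloads in the user's browser, on top of the `allow-same-origin allow-scripts` pair already on the line. If only some providers need it (the new `*.simplepdf.eu` entry looks like the motivation, but that is inferred), build the attribute per source and append ` allow-downloads` only for hosts on a short downloads list. Otherwise record the decision next to the attribute, for example `// allow-downloads: needed for file export from embedded editors; granted to all embeds`. The enclosing JSX element starts above the hunk, so how its `src` is validated is not visible here.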
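Review bot: `"*.simplepdf.eu"` is the first pattern entry in a set that otherwise holds exact hostnames, and nothing at the declaration says what the `*` means or why every subdomain is trusted. Going by the matcher in the next hunk, it stands for exactly one leading label (`foo.simplepdf.eu`), not the apex domain and not deeper names; a comment above the entry such as `// "*." matches exactly one leading label; every subdomain of this provider is trusted to render inside the embed iframe` would make that explicit. If subdomains are assigned per customer (not visible on this page), the entry extends trust to content served from any of them, which deserves a conscious sign-off.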
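Review bot: Both `has` calls query the module-level `ALLOWED_DOMAINS` although the branch is guarded by `allowedHostnames instanceof Set`, so a caller-supplied set is ignored, and the string comparison below the branch gets no wildcard handling at all. If the parameter is meant to be honoured, use `allowedHostnames.has(bareDomain) || allowedHostnames.has(bareDomainWithFirstSubdomainWildcarded)`; the callers are outside the hunk, so confirm none rely on the current behaviour. The wildcard semantics are only implied by the regex, so a test that accepts `foo.simplepdf.eu` and rejects `simplepdf.eu` and `a.b.simplepdf.eu` would pin them down. `validateHostname` starts above the hunk and continues below it.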