Skip to main content

Allowed URLs

Each Key can be restricted against a number of URLs. Individual Licensee Keys can also have allowed URLs assigned to them.

Allowed URLs works by matching the Referer and Origin headers of an incoming HTTP request against your list of URLs. If no match has been found then a 4011 reply is returned.

If a matching URL is found, the request is allowed to proceed as normal. Furthermore, the Access-Control-Allow-Origin Response header is set as the requester's Origin header.

Allowed URL Rules#

Strings beginning with http:// or https:// will look for matches that start with the string.

For instance, https://www.example.com will match https://www.example.com/ as well as https://www.example.com/signup.

Strings which do not begin with http[s]:// will look for positive substring matches.

For instance, .example.com/signup will match https://www.example.com/signup as well as https://app.example.com/signup.