Each key can be whitelisted against a number of URLs. Individual licensee keys can have whitelisted URLs assigned to them.
Whitelisting works by matching the
Origin headers of an incoming HTTP request against your list of whitelisted URLs. If no match has been found then a
4011 reply is returned.
If a matching URL is found, the request is allowed to proceed as normal. Furthermore, the Access-Control-Allow-Origin Response header is set as the requester's Origin header.
Whitelisted strings beginning with
https:// will look for matches that start with the string.
https://www.example.com will match
https://www.example.com/ as well as
Whitelisted strings which do not begin with
http[s]:// will look for positive substring matches.
.example.com/signup will match
https://www.example.com/signup as well as