Skip to main content

Domain Not Authorized


When trying to view a self-hosted Web AR experience, I receive a "Domain Not Authorized" error message.


  1. Make sure you have white-listed the domain(s) of your web server. Self-Hosted domains are subdomain specific - e.g. "" is NOT the same as "". If you will be hosting at both and, you must specify BOTH. Please refer to the Connected Domains (see Self Hosted Projects) section of the docs for more info.

  2. If Domain='' (empty), check the RefererPolicy settings on your web server.


In the screenshot above, the Domain= value is empty. It should be set to the domain of your self-hosted WebAR experience. In this situation, the Referer Policy of your web server is too restrictive. The Referer http header is used to verify that your app key is being used from an approved/whitelisted server.

To verify the configuration, open the Chrome/Safari debugger and look at Network tab. The xrweb Request Headers should include a Referer value, and this needs to match the domain(s) you have whitelisted in your project settings.

Incorrect - In this screenshot the Referrer Policy is set to "same-origin". This means a referrer will only be sent for same-site origins, but cross-origin requests will not send referrer information:


Correct - The xrweb Request Headers includes a Referer value.


The default value of "strict-origin-when-cross-origin" is recommended. Please refer to for configuration options.