Skip to main content

Allowed domains

Karo only works on the domain you specify in App settings. This is a security measure — it prevents the embed code from being used on unauthorised websites.

How it's enforced

When the Karo widget loads, it checks the domain of the current page against your allowed domain setting. If they don't match, the widget won't initialise.

This means:

  • Karo will work on yourwebsite.com if that's your allowed domain
  • Karo won't work on staging.yourwebsite.com unless that's separately configured
  • Karo won't work on localhost during development (unless you change the setting temporarily)

Getting the format right

The most common issue is a format mismatch between the allowed domain setting and the actual domain. A few things to check:

Don't include the protocol. Use yourwebsite.com, not https://yourwebsite.com.

Be consistent about www. — if your site loads at www.yourwebsite.com, use that. If it loads at yourwebsite.com (without www), use that. Many sites redirect one to the other, but the embed check looks at the actual current URL.

No trailing slashes. Use yourwebsite.com, not yourwebsite.com/.

Testing on a staging environment

If you want to test Karo on a staging site, temporarily update the allowed domain to your staging domain, test, then change it back before going live.

Alternatively, use the demo link at https://dashboard.heykaro.com/demo/your-app-id — this works from anywhere and doesn't require any domain configuration.

Subdomains

The allowed domain setting matches exact domains. It doesn't automatically cover subdomains. If Karo needs to work on shop.yourwebsite.com as well as yourwebsite.com, contact your SynapTix account manager.