Overview

Pointer only works on domains you explicitly approve. This ensures your widget is used securely and only on your authorized websites.

Domain configuration

Accessing domain settings

Configure your allowed domains in the Pointer dashboard:

  1. Navigate to Settings page on the Pointer dashboard
  2. Locate the “Allowed origins” section
  3. Add your domains to the approved list
Domain configuration interface showing allowed origins settings

Security restrictions

Outside of local development environments, Pointer automatically blocks requests from domains that are not explicitly allowed. This security measure prevents:

  • Unauthorized usage: Stops other websites from using your Pointer widget
  • Data protection: Ensures your knowledge base and analytics remain secure
  • Resource control: Prevents unexpected credit consumption from unauthorized domains

Adding domains

Domain format

When adding domains to your allowed list, include:

  • Production domains: Your live website URLs (e.g., yourdomain.com)
  • Development domains: Staging or testing environments (e.g., staging.yourdomain.com)

When you add a domain like yourdomain.com, all subdomains (such as app.yourdomain.com, docs.yourdomain.com, etc.) are automatically allowed. You don’t need to add each subdomain separately.

Protocol considerations

  • HTTPS domains: Include your secure production domains
  • HTTP domains: Only if necessary for development or specific use cases
  • Local development: localhost and local IP addresses are automatically allowed during development

Local development environments (localhost, 127.0.0.1) are automatically allowed and don’t need to be explicitly added to your domain list.

Behavioral controls

Behavioral controls are available for users on the Growth plan and above.

Disabling guides on specific domains

Growth plan users can selectively disable guides (second cursor walkthroughs) on any of their allowed origins. This provides fine-grained control over where interactive guidance appears.

Common use case: If you want to add Pointer to both your product and documentation site, you may only want guides to appear in your product interface, not on your documentation pages.

Automatic guide disabling

Pointer automatically disables guides in the following scenarios:

  • Documentation subdomains: Domains that start with docs. (e.g., docs.yourdomain.com)
  • Documentation paths: URLs that contain /docs in the path (e.g., yourdomain.com/docs/getting-started)

Manual configuration

For custom domain setups or specific requirements:

  1. Navigate to the Playground
  2. Click the “Behavior” tab
  3. Select domains you want to disable guides on
  4. Save your changes
Domain configuration interface showing behavior settings for guides

You can mix and match guide settings across different domains. For example, enable guides on app.yourdomain.com while keeping them disabled on docs.yourdomain.com. In the case above, we’ve disabled guides on pointer.so and docs.pointer.so, but left them enabled on app.pointer.so.

Best practices

Troubleshooting

Widget not loading

If the Pointer widget fails to load on your website:

  1. Check domain list: Ensure your domain is added to the allowed origins
  2. Verify URL format: Confirm the domain matches your website’s URL
  3. Clear cache: Refresh your browser cache and try again
  4. Check console: Look for CORS or security-related error messages

Common issues

  • Protocol differences: http:// and https:// versions may need separate entries
  • Trailing slashes: Ensure domain format matches your actual URL structure
  • Completely different domains: Only different root domains (like example.com vs anotherdomain.com) need separate entries

Always test widget functionality after adding or modifying domains in your allowed origins list.