Authorize your domain

Use the project page domain ownership check to prove the target is owned or approved before private scan delivery.

First-time customers and business owners

Feature availability

Product, package, provider and deployment boundaries for this page.

Available from: Current documentation
Deployment modes: cloud

Before you start

Domain authorization is the customer's explicit proof that the project host is owned by the business or approved by the site owner for automated scanning. It protects the account from running private scan delivery for the wrong site. Use this page after the project exists. The dashboard keeps Domain ownership check as a protected step under Reference links and protected steps, and the actual challenge lives on the project detail page beside Shortest path to first useful report.

Confirm the authorized domain

Follow the path `Dashboard → Shortcut paths → Get the first useful report → Project detail → Domain ownership check`. If the project domain is https://shop.example.com, do not assume https://admin.example.com or another customer domain is included. Add only the public pages that belong to the same accepted scan scope.

Open `/dashboard`, choose Get the first useful report, then open the project for the site you want scanned. Result: the project detail page shows the domain, Shortest path to first useful report and the domain ownership panel.
Compare the Domain value with the public site or journey you plan to scan. Result: the host, subdomain and protocol are clear before scope, Billing coverage, project service use or evidence collection.
Read Domain authorization in the path steps. Result: you can see whether the step is Done, Now, Waiting or Blocked and which previous step must finish first.
In Prove this is your domain, choose DNS TXT, meta tag or file upload and click Create challenge. Result: WebRiskOps gives a customer-owned proof value without asking for provider passwords.
Publish the challenge on the project domain, then click Check verification. Result: the project records Domain ownership confirmed or shows the exact verification error to fix.
If the host is wrong, return to Projects → Add project and create a separate project for the correct site. Result: unsupported or unrelated domains do not enter Billing, project services, scope or scan setup.

Continue to account entitlements

When the domain is correct and authorized, use the Use account entitlements documentation link on this page. Billing coverage and project service choice should match the authorized public scope; they do not approve a different domain or a private admin area.

Blocked states

Domain authorization required means the project has accepted scope but no verified ownership proof yet. Return to the project detail page, publish the active challenge and click Check verification.
Domain out of scope means the requested URL does not match the project domain or accepted host. Remove it, create the correct project, or keep it out of the project service and scan setup.
Private or internal host means the public scanner should stop. Use only supported public URLs unless a later integration path explicitly supports private or self-hosted scope.
Accept scope first means the domain challenge step is still waiting for the selected public scan boundary to be approved.

Was this page helpful?

Feedback goes into the product documentation review queue.