403error. To learn how to add other domains to Canva's allowlist, refer to Adding domains to the allowlist.
RefererHTTP header. Canva uses the
Refererheader to identify if the integration's domain is on the allowlist.
Referrer-Policyheader is set to a value that prevents Canva from receiving the
Referrer-Policyheader to the
strict-origin-when-cross-originheader. This ensures that the origin is sent with cross-origin requests, which allows Canva to verify if the origin domain is on the allowlist.