If your website is hosted in a private network (like a staging environment), behind a corporate firewall, or in a strict "airgapped" environment, you may need to adjust your network's settings to allow Marker.io's services to function correctly.
This guide is broken into two parts:
Allowing Marker.io to Access Your Private Website: Necessary for our servers to render screenshots or connect to your self-hosted tools.
Allowing Your Team to Access Marker.io: Necessary for your team's browsers to load the Marker.io widget and application.
1. Allowing Marker.io to Access Your Private Website
If your website or integration is not publicly accessible, our servers will need permission to connect to it.
For Private/Staging Websites (Screenshot Rendering)
To enable our rendering technology to capture accurate screenshots of your private website, you will need to add the following static IPs to your server's allow-list:
54.74.55.180
176.34.96.155
54.75.170.10
108.129.31.250
(Note: Private websites with custom DNS settings are not supported at this time.)
For Self-Hosted Integrations (e.g., Jira Server, GitHub Enterprise)
If you are using a self-hosted version of an integration like Jira or GitHub, you must allow our integration connection IP to access your server to create issues:
52.17.43.230
For Websites with Basic Authentication
If your website is protected by basic authentication (like an .htaccess password), you'll need to provide those credentials to Marker.io.
For detailed instructions, please see our Basic Authentication Guide.
2. Allowing Your Team to Access Marker.io
If your organization's firewall or VPN restricts outbound access, your team's browsers may be blocked from loading the Marker.io widget or app.
The easiest method is to allow all subdomains of Marker.io (*.marker.io). However, if your security policy requires an explicit list of all domains, please use the breakdown below.
Explicit Domain Allow-List (For Strict Firewalls)
Here is the precise list of domains to ensure Marker.io functions correctly for your team.
Core Services (Required)
These are the minimum domains required for core bug reporting and application functionality.
app.marker.ioPurpose: Our main web application, including the editor, dashboard, and settings.
api.marker.ioPurpose: Our primary backend API. It handles sending widget data, authentication, loading projects, and collecting performance telemetry (e.G. editor load times).
media.marker.ioPurpose: Hosts essential media like your project logos, user avatars, and other static application assets.
ssr.marker.ioPurpose: Used for server-side rendering to help our application load.
Feature-Specific Services (Optional)
These domains are only required if you use the specific features associated with them.
s3.eu-west-1.amazonaws.comFeature: Session Replay
Note: This is a global Amazon S3 endpoint, not one specific to Marker.io. It is used to store session replay data and is only required if you use this feature.
canny.ioandapi.canny.ioFeature: In-app Feedback & Public Roadmap
Note: These domains power the "Give Feedback" and "Roadmap" tabs within the widget.
Non-Essential Services (Can be blocked)
These services are not required for any user-facing functionality.
www2.profitwell.comPurpose: An internal analytics tool our team uses for subscription metrics. This has no impact on the product for you and can be safely blocked.
Need Help?
If you've configured your settings based on this guide and are still running into issues, please chat with us using the icon at the bottom right of our website. We're happy to help you troubleshoot.