Security & Policies
Rover is scoped by design. It can only do what your website can do — nothing more.
Domain Scoping
Every Rover site key is locked to a set of allowed domains. When the embed script initializes, it checks the current hostname against the key's domain list. If there's no match, Rover refuses to boot and logs a warning.
allowedDomains: ['yourdomain.com', '*.yourdomain.com']
domainScopeMode: 'registrable_domain'

- registrable_domain (default) — matches the registrable domain. app.example.com and staging.example.com both match an example.com entry.
- host_only — requires the hostname to match exactly. Use this when you need strict per-subdomain control.
- Wildcards — prefix with *. to match all subdomains (e.g. *.example.com).
Navigation Policies
Rover uses a single policy to control what happens when navigation goes outside the allowed domain scope:
externalNavigationPolicy
Controls links pointing to domains entirely outside your allowed list.
- open_new_tab_notice — Opens in a new tab and shows a notice to the user. Best for most sites.
- block — Prevents the navigation entirely. Use for highly controlled environments.
- allow — Navigates freely. Not recommended for production.
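The two checks above (the boot-time domain-scope check and the externalNavigationPolicy decision) share one piece of logic: deciding whether a hostname falls inside the allowed domain list. The following is an added reference implementation, not Rover's own SDK code. It assumes the config shape shown on this page (allowedDomains, domainScopeMode, externalNavigationPolicy) and, for the registrable_domain mode, uses a tiny built-in suffix list in place of the full Public Suffix List a production implementation would need; it also assumes that a *.example.com wildcard does not match the bare example.com.

```javascript
// Added example (not Rover's code): domain scoping and external navigation policy.
// Assumption: a deliberately tiny stand-in for the Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(['co.uk', 'com.au', 'github.io']);

// Lowercase, drop a port and a trailing dot so comparisons are canonical.
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/:\d+$/, '').replace(/\.$/, '');
}

// Registrable domain = public suffix plus one label (example.com, bbc.co.uk).
function registrableDomain(host) {
  const labels = normalizeHost(host).split('.');
  if (labels.length < 2) return labels.join('.');
  const suffixLen = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join('.')) ? 2 : 1;
  return labels.slice(-(suffixLen + 1)).join('.');
}

// Does a single allowedDomains entry match the hostname under the given mode?
function entryMatches(entry, host, mode) {
  const h = normalizeHost(host);
  const e = normalizeHost(entry);
  if (e.startsWith('*.')) {
    // Wildcard: any subdomain of the base, but (assumption) not the base itself.
    const base = e.slice(2);
    return h.endsWith('.' + base) && h.length > base.length + 1;
  }
  if (mode === 'host_only') return h === e;
  if (mode === 'registrable_domain') return registrableDomain(h) === registrableDomain(e);
  throw new Error('unknown domainScopeMode: ' + mode);
}

function isHostAllowed(config, host) {
  const mode = config.domainScopeMode || 'registrable_domain';
  return (config.allowedDomains || []).some((entry) => entryMatches(entry, host, mode));
}

// Boot-time check: refuse to start (and say why) when the page host is out of scope.
function shouldBoot(config, pageHost) {
  if (isHostAllowed(config, pageHost)) return { boot: true };
  return {
    boot: false,
    warning: `Rover: ${normalizeHost(pageHost)} is not in allowedDomains; refusing to boot`,
  };
}

// Navigation decision: in-scope targets are always allowed; out-of-scope targets
// get the configured externalNavigationPolicy (default open_new_tab_notice).
function decideNavigation(config, currentHost, targetUrl) {
  let target;
  try {
    target = new URL(targetUrl, 'https://' + normalizeHost(currentHost));
  } catch {
    return 'block'; // unparseable href: treat as external and refuse
  }
  if (isHostAllowed(config, target.hostname)) return 'allow';
  const policy = config.externalNavigationPolicy || 'open_new_tab_notice';
  if (!['open_new_tab_notice', 'block', 'allow'].includes(policy)) {
    throw new Error('unknown externalNavigationPolicy: ' + policy);
  }
  return policy;
}
```

Note that the suffix-spoofing case is the one worth testing: with allowedDomains ['example.com'], a page at example.com.evil.test must not boot, because its registrable domain is evil.test, not example.com. A naive `endsWith('example.com')` check gets this wrong.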
First-Party Execution
Unlike screenshot-based agents that run in a remote VM, Rover executes directly in the user's browser tab. This means:
1. No user credentials leave the browser. Rover acts as the user, within the user's existing authenticated session.
2. Rover can only interact with DOM elements that are visible and accessible to the current user.
3. All actions are subject to the same CORS, CSP, and browser security policies as your own JavaScript.
4. No screenshots or page content are sent to external servers — only the semantic DOM structure.
External Tab Context
External tabs are tracked with virtual tab IDs, URL, and title. Rover cannot directly control live DOM outside the embedded domain.
If enabled, Rover can request best-effort cloud text context for external tabs using tools.web.enableExternalWebContext. Access is still subject to domain allow/deny rules and account credits.
When cloud fetch fails or is blocked by allow/deny policy, Rover falls back to placeholder context and continues.
Content Security Policy (CSP)
No CSP header on your site? No action needed — Rover works out of the box. This section only applies if your site sets a Content-Security-Policy header or meta tag.
Rover uses a Shadow DOM (not an iframe) to render its UI, which means it runs in your page's security context. If you have a strict CSP, add the following directives:
| Directive | Value | Why |
|---|---|---|
| script-src | https://rover.rtrvr.ai blob: | SDK script + Web Worker blob creation |
| worker-src | blob: https://rover.rtrvr.ai | Web Worker execution |
| connect-src | https://extensionrouter.rtrvr.ai | API calls |
| style-src | 'unsafe-inline' | Shadow DOM inline styles |
| font-src | https://rover.rtrvr.ai | Self-hosted Manrope font |
| media-src | https://www.rtrvr.ai | Mascot video (optional — disable with ui.mascot.disabled) |
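The common mistake when adding these directives to an existing policy is to add, say, `connect-src https://extensionrouter.rtrvr.ai` to a site that previously relied on `default-src 'self'`: the new directive replaces the fallback, so the site's own API calls are suddenly blocked. The helper below is an added example, not Rover's code or tooling; it parses an existing Content-Security-Policy value, merges the sources from the table, and seeds any directive it has to create from the directive the browser would have fallen back to (default-src, or the child-src/script-src chain for worker-src). It assumes the policy is available as a plain header string and that a directive which is absent with no fallback is unconstrained and should be left that way.

```javascript
// Added example (not Rover's code): merge the CSP sources from the table above
// into an existing policy without revoking what the site already allows.
const ROVER_CSP_SOURCES = {
  'script-src': ['https://rover.rtrvr.ai', 'blob:'],
  'worker-src': ['blob:', 'https://rover.rtrvr.ai'],
  'connect-src': ['https://extensionrouter.rtrvr.ai'],
  'style-src': ["'unsafe-inline'"],
  'font-src': ['https://rover.rtrvr.ai'],
  'media-src': ['https://www.rtrvr.ai'],
};

// Directives a browser consults, in order, when the named one is absent.
const FALLBACK = {
  'script-src': ['default-src'],
  'worker-src': ['child-src', 'script-src', 'default-src'],
  'connect-src': ['default-src'],
  'style-src': ['default-src'],
  'font-src': ['default-src'],
  'media-src': ['default-src'],
};

// "default-src 'self'; script-src 'self' x" -> Map { default-src => ['self'], ... }
function parseCsp(header) {
  const policy = new Map();
  for (const part of String(header).split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function serializeCsp(policy) {
  return [...policy.entries()].map(([name, sources]) => [name, ...sources].join(' ')).join('; ');
}

// Returns the merged header value. mascotDisabled mirrors ui.mascot.disabled:
// when the mascot video is off, media-src is left untouched.
function mergeRoverCsp(header, { mascotDisabled = false } = {}) {
  const policy = parseCsp(header);
  for (const [directive, needed] of Object.entries(ROVER_CSP_SOURCES)) {
    if (directive === 'media-src' && mascotDisabled) continue;
    let sources = policy.get(directive);
    if (sources === undefined) {
      const fallbackName = FALLBACK[directive].find((n) => policy.has(n));
      if (!fallbackName) continue; // nothing constrains this directive today; keep it that way
      sources = [...policy.get(fallbackName)]; // copy so 'self' etc. survive
    }
    // 'none' cannot coexist with other sources, so drop it before adding any.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    for (const src of needed) if (!sources.includes(src)) sources.push(src);
    policy.set(directive, sources);
  }
  return serializeCsp(policy);
}
```

Running `mergeRoverCsp("default-src 'self'; script-src 'self' https://cdn.example.test")` yields a policy in which script-src keeps both original sources and gains the Rover host and blob:, worker-src is created from the (already merged) script-src chain, and connect-src, style-src, font-src and media-src each start from 'self' before the Rover sources are appended.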
For environments with strict CSP that cannot allow external script domains, you can self-host the SDK and worker files on your own domain and set workerUrl in your boot config. See the self-hosting guide for details.
CORS: You do NOT need to configure CORS on your server. CORS headers are set on Rover's CDN side. Your website simply loads the files — no server-side changes needed.
Key Management
Site keys can be rotated, disabled, and domain-scoped from the Workspace without redeploying your site:
- Rotate — generates a new key with the same configuration. Old key is immediately invalidated.
- Disable/Enable — toggle key access without deleting it.
- Update domains — change the allowed domain list in real time.
- TTL — keys can be set to auto-expire after 30, 90, 180, or 365 days.
Capability flags are enforced server-side for cloud APIs: roverEmbed for Rover embed runtime requests, and cloudAgent and cloudScrape for cloud MCP/direct APIs.
Site keys require an active subscription with available credits. Check your credit balance in the Workspace.