diff --git a/src/ScalarMessaging.js b/src/ScalarMessaging.js
index fa7b8c5b76..ca58acf00e 100644
--- a/src/ScalarMessaging.js
+++ b/src/ScalarMessaging.js
@@ -549,13 +549,14 @@ const onMessage = function(event) {
 //
 // All strings start with the empty string, so for sanity return if the length
 // of the event origin is 0.
- //
+ const url = SdkConfig.get().integrations_ui_url;
+ if (event.origin.length === 0 || !url.startsWith(event.origin + '/')) {
+ console.warn(`Message from IM with invalid origin ${event.origin} ignored`);
+ return;
+ }
 // TODO -- Scalar postMessage API should be namespaced with event.data.api field
 // Fix following "if" statement to respond only to specific API messages.
- const url = SdkConfig.get().integrations_ui_url;
 if (
- event.origin.length === 0 ||
- !url.startsWith(event.origin + '/') ||
 !event.data.action ||
 event.data.api // Ignore messages with specific API set
 ) {
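Review bot: `url.startsWith(...)` in the new origin guard is called without checking that `integrations_ui_url` is set, so if a deployment's config omits it (an assumption, the config is not visible here) every incoming postMessage would throw a TypeError instead of being ignored; `if (!url || event.origin.length === 0 || !url.startsWith(event.origin + '/')) {` closes that. The prefix test also only matches when the configured URL has a `/` after the host, so comparing `event.origin` for equality with the parsed origin of the configured URL would be stricter and less dependent on how the value is written. Because the guard now runs before the `event.data.action` / `event.data.api` filter, the `console.warn` fires for every message posted by any other window or frame, which can flood the console; consider dropping it or logging at debug level. onMessage starts and ends outside this hunk.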