LogoLogo
BlogHelp CenterPrivacyLoginRegister
  • Let's optimize your images
  • Transformations
    • Input formats
    • Image operations
      • Width and height
      • Prevent enlargement
      • Crop
        • Automatic gravity crop
        • Positionable crop
        • Focal point crop
        • Face crop
        • Face hide
        • Aspect ratio crop
      • Fit
      • Cropfit
      • Bound
      • Boundmin
      • Cover
      • Device pixel ratio
      • Flip
      • Rotate
      • Trim
      • Rounded corners
      • Background removal
    • Image filters
      • Adjustment
        • Brightness
        • Contrast
        • Saturate
      • Color manipulation
        • Color overlay
        • Grayscale
        • Duotone
        • Sepia
        • Invert
      • Blur
      • Pixelate
      • Sharpen
      • Face blur
    • Image watermarking
      • Static watermark
      • Dynamic watermark
      • Text watermark
        • Text watermark fonts
    • Image compression
      • Image formats
      • Optipress
      • SVG compression
      • Color management
    • Static content
      • PDF to image
      • JS/CSS optimization
    • Video operations
  • Setup
    • Shortening URLs
      • Origin URL prefix
      • Aliases
      • Presets
      • Rules
    • Connecting storage bucket
      • Amazon S3
      • Google Cloud Storage
      • Microsoft Azure Blob
      • Basic authentication HTTP
    • Security
      • Token security
        • Domain whitelisting
        • URL signature
        • URL sealing
      • Account security
      • Origin security
  • Implementation
    • URL API implementation
    • Responsive images JS plugin
    • CMS plugins
      • Spryker
      • Drupal
      • Kontent.ai
      • Contentful
      • Adobe Commerce (Magento)
        • Basic implementation
        • Advanced implementation
      • Opencart
      • Prestashop
        • Prestashop tutorial
      • Shopware
      • Sylius
      • Wordpress
      • Shopify tutorial
        • Shopify integration
        • Theme files
        • FAQ
      • Commercetools tutorial
      • Ruby wrapper
    • Migrating from another image CDN
  • Caching and acceleration
    • CDN basics
    • Caching interval
    • Invalidation API
    • Warmup API
  • Analytics
    • Dashboards
      • Overview
      • Volumetry
      • Optimization
      • Delivery
      • Top-Ranking
      • RUM
      • Logs API
  • Cloudimage_v6 EOL
Powered by GitBook
LogoLogo

Resources

  • Help center
  • Contact support
  • Developers
  • cloudimage.io

Solutions

  • Media optimization
  • DAM
  • Performance report

Company

  • Blog
  • Service status
  • About us

Legal stuff

  • Terms & conditions
  • Privacy center
  • DMCA

Copyright © 2023 Scaleflex

On this page
  • Step 1. Configure domain whitelist
  • Whitelist and static content
  • Step 2. Try it out!

Was this helpful?

Export as PDF
  1. Setup
  2. Security
  3. Token security

Domain whitelisting

Allow fetching images only from a pre-defined list of origins

PreviousToken securityNextURL signature

Last updated 1 month ago

Was this helpful?

As a reminder, a Cloudimage URL looks like this:

//token.cloudimg.io/original_image_url?operations&filters

By default, images from any origin domains can be resized by Cloudimage. The storage and traffic used by these images will count toward your plan’s allowance. In the Cloudimage admin console, you can restrict the list of origin server URLs your token can transform images from.

If you are using Aliases and you have Domain whitelisting enabled, you have to include all aliases in the whitelisted domain list.

Step 1. Configure domain whitelist

Log in to your and navigate to Image settings / tab Domains. Scroll down to Whitelisted domains. Then configure your original image domains / S3 buckets.

Please note that when you whitelist eg. sample.li, this will also whitelist all its subdomains sub1.sample.li, www.sample.li, along with any recursive (sub...)sub.domain from the listed one.

When adding a domain to the whitelist, do not include http:// or https://.

Whitelist and static content

By default, Cloudimage does not enforce the domain whitelist when deliveringStatic content. If you would like to restrict delivering static content to whitelisted domains only, you can enable the Honor whitelist when delivering static content option in the Admin console.

Step 2. Try it out!

This Cloudimage URL works (the sample.li domain is whitelisted):

If the domain is not in your whitelisted domains list, the request will fail. In this example, pbs.twimg.com is not whitelisted, so the request is blocked.

//doc.cloudimg.io/http://sample.li/boat.jpg?width=500
//doc.cloudimg.io/pbs.twimg.com/profile_images/839721704163155970/LI_TRk1z_400x400.jpg?w=500
Cloudimage admin console