📄️ HMAC Signing
HMAC signing lets you restrict PreviewProxy so that only requests generated by your application are accepted. When enabled, every request must include a valid sig parameter or it will be rejected with a 403.
📄️ Allowed Hosts
PPALLOWEDHOSTS restricts which upstream hostnames PreviewProxy is permitted to fetch images from. This is a critical security control that prevents your proxy from being used as an open relay.
📄️ Disallow Lists
Disallow lists let you restrict which image formats and transforms PreviewProxy will accept. This reduces attack surface by preventing processing of formats or operations that your application does not need.
📄️ Source URL Encryption
Source URL encryption lets you hide upstream origins from request logs, CDN traces, and browser history. When enabled, callers pass an AES-CBC encrypted blob instead of the raw URL; PreviewProxy decrypts it server-side before fetching.