📄️ HMAC Signing
HMAC signing lets you restrict PreviewProxy so that only requests generated by your application are accepted. When enabled, every request must include a valid sig parameter or it will be rejected with a 403.
📄️ Allowed Hosts
ALLOWED_HOSTS restricts which upstream hostnames PreviewProxy is permitted to fetch images from. This is a critical security control that prevents your proxy from being used as an open relay.
📄️ Disallow Lists
Disallow lists let you restrict which image formats and transforms PreviewProxy will accept. This reduces attack surface by preventing processing of formats or operations that your application does not need.