Secure an Alias

Referer White-List

You can close an alias and only open access to authorized (white-listed) domains.

When using this technique, any request to the alias will be checked to determine if the calling source is white-listed.

The calling source is determined by the request’s referer request-header.

You can allow access to only a select list of domains by using the Referer list of the alias.

You can for example allow access to:

• //www.my-domain.com
• //www.example.com

Any other sites that try to get the alias images, will get a 403 forbidden error.

This also means trying to get to the images directly will show you the 403 forbidden error.

Locking your Alias

The other technique to secure your alias is to turn on its locked flag, in which case every image request will need to provide a key parameter.

You can read about keys here.

When your alias is locked, only requests that contain a valid key can use your images.

The proper way to use keys is by generating the keys on your website’s server-side code. Key generation involves account or alias secrets that should not be used openly in browser logic.