What URLs do we proxy?
What URLs do we proxy?
Third party URLs
Any script loaded from a third party URL will be proxied, except those from bypassed domains. You can choose to leave certain domains and script URLs unproxied, by using the excluded scripts settings on the dashboard.
What URLs do we not proxy?
First party URLs
First party URLs are URLs served from the same domain and are unproxied by default. This means the same top-level domain, with or without www. prefix. You can choose to enable first party script proxying if you prefer via the domain settings, however this is left disabled by default. Even if these scripts are left unproxied, their full payloads are still monitored and go through a full security analysis. This means you will still be alerted if these scripts are behaving suspiciously and will continue to have full insight into these scripts on your dashboard regardless of whether they are proxied or not.
Invalid URLs
Any invalid URLs or URLs linked to browser extensions will be excluded from being proxied.
Bypassed domains
c/side has a small list of scripts that will bypass our proxying. Here is a list of scripts that we currently bypass:
| Script Domain | Why? |
|---|---|
intercom.io | Compatibility issue. |
stripe.com | Payment provider which doesn't allow their script to be sent from another domain. |
pay.google.com | Payment provider which doesn't allow their script to be sent from another domain. |
paypal.com | Payment provider which doesn't allow their script to be sent from another domain. |
maps.googleapis.com | Google maps API commonly used for auto-completing address and location details. |
authorize.net | A common authorization platform whose script is bypassed by default. |
Custom bypassed domains and excluded scripts
To bypass certain scripts and domains, navigate to your domain settings and click on the plus icon next to Excluded scripts. Here you can add a specific domain to be bypassed by including a * wildcard in the URL path, or a full URL for a specific script that should not be proxied. These settings can be deleted using the bin icon next to the excluded script/domain you plan to remove from being bypassed.
Scripts added here will continue to be monitored, meaning that you continue to gain full insight into their payloads. Like unproxied first party scripts, excluded scripts will go through a full security analysis, however as they are unproxied they would not be blocked if they are acting maliciously. Alert notifications are still sent in this case.
