Site security

By default, when having localized sites on separate domains or subdomains, Glopal localization works as a front (reverse) proxy before your existing site, forwarding all requests from the buyer's browser to the origin site. If your site uses a Web Application Firewall solution or another comparable security product, it will remain protected.

In addition, you can also enable your existing CDN or WAF solution in front of Glopal.

Identify requests from Glopal

In some specific configurations, additional adjustments are required for the security product to correctly recognize and classify requests forwarded by the Glopal localization solution.

To help to identify all forwarded requests, Glopal can be configured to:

  • include X-Glopal: <unique> header value with a unique shared secret or

  • append string Glopal/<unique> to the User-Agent header

Please contact your account manager to enable this identification.

Glopal as a "Trusted Proxy"

Glopal includes X-Forwarded-For header in every request with the true end-user IP address. If your analytics or the security product is using the client IP address for rate-limiting or session tracking, it is important to recognize Glopal as a trusted proxy and use the IP address from this header and not the IP address of the Glopal localization solution.

Glopal is passing original User-Agent header.

To validate traffic from known crawlers and bots that publish their IP lists (eg. GoogleBot), you have to use the true IP address from the header value.

Content-Security-Policy

Glopal localization solution automatically adjusts Content-Security-Policy header while localizing content to keep the same level of protection, while enabling Glopal features on top of your existing policy.

Last updated