LogoLogo
MerchantsHelpSign in
  • Overview
    • Countries & Currencies
    • Glopal Solutions Portfolio
  • Getting started
    • Shopify
      • Glopal Duty & Tax for Shopify
      • Shopify Collaborator Access
    • BigCommerce
    • Magento (Adobe Commerce)
      • Magento 1
      • Magento 2
        • Magento Activation
        • Magento Configuration
        • Magento Database Model
    • Visualsoft
    • PrestaShop
  • Marketing Solutions
    • Acquisition channels
      • Integrate Google Ads
      • Integrate Facebook Ads
    • Feed localization
      • Read domestic items
      • Localize the items
      • Upload the localized items
    • Features / Customization
      • Google Shopping countries coverage
      • Filters
      • Free listings
      • Comparison Shopping Services (CSS)
    • Google Ads
      • Conversion tracking
      • Standard accounts structure
      • Launching and monitoring Google Ads campaigns
    • Facebook
      • Facebook & Instagram Shops
      • Catalog Based Campaigns
      • Conversion and Brand awareness campaigns
      • Facebook conversion tracking
    • Email marketing
  • Localization
    • Site localization
      • Content localization
      • Price localization
      • Site search
      • Checkout
      • User account
    • Site discovery
      • Domains and Routing
      • Search engine optimization
      • Geo-localization
      • Country selector
    • Content distribution
      • Site security
      • Domains (DNS)
      • Traffic Splitting
        • Akamai
        • Cloudflare
        • Nginx
        • Microsoft IIS
        • AWS CloudFront
        • Magento Cloud
      • Third-party CDN
        • Cloudflare
      • Site speed
    • Integrations
      • CSS customizations
      • JavaScript customizations
      • Server-side customizations
      • Exclude from localization
      • Integration examples
        • Hiding Products
        • Newsletter Signup
        • Custom Price Logic
  • Checkout
    • Localized checkout
      • Overview
      • Styling
      • Integration
        • Callback Functions
        • Confirmation Page
        • Checkout Analytics
        • Allowlisting Glopal IPs
      • Price localization
    • Order processing
      • Order creation
        • Plug & Play integration
        • Order API
        • Event webhook
        • Custom Integration
      • Cancellation & refund
      • Returns
      • Buyer's communication
      • Customer account
    • Financials
      • EU VAT
  • DUTY & TAXES
    • Product Classification
    • Duty & Tax Calculation
      • Product Pricing
      • Supported Countries
    • Compliance Checks
      • Prohibited Goods
      • Denied Party Screening
  • SHIPPING
    • Order Creation
    • Label Generation
    • Manifest
    • Tracking
  • Translations
    • Translation Editor
  • MERCHANT ACCOUNT
    • Dashboards
      • SEO dashboard
  • What's New
    • Release Notes
Powered by GitBook
On this page
  • Identify requests from Glopal
  • Glopal as a "Trusted Proxy"
  • Content-Security-Policy
  1. Localization
  2. Content distribution

Site security

PreviousContent distributionNextDomains (DNS)

Last updated 10 months ago

By default, when having localized sites on separate domains or subdomains, Glopal localization works as a front (reverse) proxy before your existing site, forwarding all requests from the buyer's browser to the origin site. If your site uses a Web Application Firewall solution or another comparable security product, it will remain protected.

In addition, you can also enable your existing CDN or WAF solution in .

Identify requests from Glopal

In some specific configurations, additional adjustments are required for the security product to correctly recognize and classify requests forwarded by the Glopal localization solution.

To help to identify all forwarded requests, Glopal can be configured to:

  • include X-Glopal: <unique> header value with a unique shared secret or

  • append string Glopal/<unique> to the User-Agent header

Please contact your account manager to enable this identification.

Glopal as a "Trusted Proxy"

Glopal includes X-Forwarded-For header in every request with the true end-user IP address. If your analytics or the security product is using the client IP address for rate-limiting or session tracking, it is important to recognize Glopal as a trusted proxy and use the IP address from this header and not the IP address of the Glopal localization solution.

Glopal is passing original User-Agent header.

To validate traffic from known crawlers and bots that publish their IP lists (eg. GoogleBot), you have to use the true IP address from the header value.

Content-Security-Policy

Glopal localization solution automatically adjusts Content-Security-Policy header while localizing content to keep the same level of protection, while enabling Glopal features on top of your existing policy.

front of Glopal