Site security

By default, Glopal localization works as a front (reverse) proxy before the origin site and is forwarding all requests from the buyer's browser to the origin site. If your site is using a Web Application Firewall solution or other comparable security product, the site will remain to be protected.

In some specific configurations, additional adjustments are required for the security product to correctly recognize and classify requests forwarded by the Glopal localization solution.

To identify such requests Glopal can be configured to:

  • include X-Glopal: <unique> header value with a unique shared secret

  • append string Glopal/<unique> to the User-Agent header

Glopal as a "Trusted Proxy"

Glopal includes X-Forwarded-For header in every request with the true end-user IP address. If your analytics or the security product is using the client IP address for rate-limiting or session tracking, it is important to recognize Glopal as a trusted proxy and use the IP address from this header and not the IP address of the Glopal localization solution.


Glopal localization solution automatically adjusts Content-Security-Policy header while localizing content to keep the same level of protection, while enabling Glopal features on top of your existing policy.

Last updated