Guardrails
SSRF and Network Security
Target validation, allowlists, and safe routing.
Pageshot blocks potentially risky targets by default:
- Only
httpandhttpsschemes are allowed - URLs with embedded credentials are rejected
- Private networks (localhost, 192.168.x.x, etc.) are blocked
DNS Pinning
To prevent DNS rebinding attacks, Pageshot resolves the hostname and validates the IP before connection.
Proxies
Use proxies to access internal or private hosts if needed.