When building applications that handle sensitive data, screenshot and PDF generation can be a security challenge. Whether you're automating report generation from admin dashboards, creating design previews, or capturing user-specific content, you need to ensure that sensitive data remains protected throughout the process.
Screenshot services like Urlbox usually optimize for performance and ease of use through public CDN caching. While this works well for public content, it creates security risks when dealing with:
- Internal dashboards containing user data
- Financial reports with transaction details
- Previews of unpublished content
- Any other authentication-protected content
As a result, you might decide to build your own internal screenshot infrastructure using tools like Puppeteer or Playwright. But this comes with significant operational overhead in terms of infrastructure maintenance, updates, and scaling.
What if you could enjoy the ease of use and performance of a 3rd party screenshot API for your more sensitive renders?
- Each request running in its own isolated browser instance
- All request data automatically purged within 30 seconds
- No persistent storage of URLs, custom JS, or CSS
- No request logging of potentially sensitive parameters
- No 3rd party storage or access to your renders
Introducing Urlbox Secure Mode
To use Secure Mode, set secure_mode: true in your API request and choose one of these storage approaches:
- S3-Compatible Storage Credentials
  - Set use_s3: true if you've configured credentials in the Urlbox dashboard
  - Works with AWS S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces, MinIO, or any S3-compatible storage service.
  - Urlbox will ensure access is write only to your private bucket
- S3-Compatible Pre-signed URLs
  - Provide a short lived s3_presigned_url for the primary screenshot/PDF.
  - And for additional output options (each requires its corresponding flag to be enabled):
    - s3_presigned_url_metadata with save_metadata: true
    - s3_presigned_url_markdown with save_markdown: true
    - s3_presigned_url_html with save_html: true
- Short Lived Content URL
  - Provide a short lived URL with the url option to the HTML document you wish to screenshot or generate a PDF from.
  - Ensure the URL expires soon after the render is complete to minimise the chance of 3rd party access
  - Don't send HTML via the html option.
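The pre-signed URL approach above, as an added example that is not Urlbox's own code: it signs a short-lived S3 upload URL (SigV4 query-string signing, standard library only) and builds the render options named on this page, rejecting a long-lived URL or the html option. The PUT upload method, the 300-second MAX_TTL policy, and all hosts, keys and credentials are assumptions or constructed values; sending the options to Urlbox is not shown.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import parse_qs, quote, urlsplit

MAX_TTL = 300  # assumed policy: pre-signed URLs live at most five minutes


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def presign(method, host, key, access_key, secret_key, region, ttl, now=None):
    """Return a SigV4 query-string pre-signed S3 URL valid for ttl seconds."""
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y%m%dT%H%M%SZ")
    scope = f"{stamp[:8]}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": stamp,
        "X-Amz-Expires": str(ttl),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="/")
    # Only method, path, query and host are signed; the body is not bound.
    canonical = "\n".join([method, path, query, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", stamp, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret_key).encode()
    for part in (stamp[:8], region, "s3", "aws4_request"):
        k = _hmac(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"


def secure_render_options(content_url, upload_url, **extra):
    """Build Secure Mode options; refuse html and long-lived upload URLs."""
    if "html" in extra:
        raise ValueError("pass a short-lived url instead of the html option")
    ttl = int(parse_qs(urlsplit(upload_url).query).get("X-Amz-Expires", ["-1"])[0])
    if not 0 < ttl <= MAX_TTL:
        raise ValueError(f"upload URL lifetime must be 1..{MAX_TTL} seconds")
    return {"url": content_url, "secure_mode": True,
            "s3_presigned_url": upload_url, **extra}
```

Because the signature covers the HTTP method and object key, a URL signed for PUT on one key cannot be used to read or list the bucket.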
You can learn more about our general security practices on our security page. This new Secure Mode feature provides an extra level of security on top of this.
Secure Mode is only available to customers on Ultra, Business and Enterprise plans using the latest version of our rendering engine.
Please Note: Due to reduced logging, we are limited in the assistance we can provide with rendering issues when using Secure Mode. We recommend testing render options with non-sensitive content without including the secure_mode option.
If you'd like to learn more about this feature and get assistance in planning your implementation, we'd love to hear from you. Please get in touch.