Impact: 90 · Confidence: 100 · Complexity: 75
Description
Problem: Optimole charges based on the number of unique visits hitting the CDN. However, there is no way for users to restrict which domains can serve their optimized images. If a third party hotlinks an image directly using the CDN URL, that external traffic counts against the user's monthly quota, resulting in unwanted and potentially expensive automatic plan upgrades. Additionally, users are completely blind to this because the dashboard does not provide domain/referrer analytics to debug traffic spikes.
Desired Behavior: Implement a Hotlink Protection feature that allows users to whitelist authorized referring domains. Any CDN requests originating from unauthorized referrers should be blocked. Additionally, providing basic visibility into top referring domains in the dashboard would help users identify abuse.
Acceptance Criteria:
- Add a 'Hotlink Protection' settings section in the dashboard to define allowed domains.
- Configure CDN edge rules to block requests (return 403 Forbidden or a placeholder frame/image) when the HTTP Referer does not match the allowed list.
- Ensure legitimate empty referrers (direct access) can be optionally permitted or blocked.
- (Bonus/Secondary) Expose top referrers in the analytics dashboard to help users track down traffic anomalies.
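
A sketch of the decision logic these criteria describe, added here as an illustration and not Optimole's code: the option names `allowedDomains` and `allowEmptyReferer`, the function names, and all domains are assumptions. It handles the empty-referrer switch and the lookalike-domain cases a naive substring match would let through, and tallies referring hosts for a top-referrers view.

```javascript
// Added example: allowlist decision and referrer tally for a CDN edge rule.
// Option names and all domains are constructed for illustration.

// Classify a Referer header as empty, invalid, or a normalized hostname.
function parseReferer(referer) {
  if (referer == null || referer.trim() === '') return { kind: 'empty' };
  try {
    const u = new URL(referer.trim());
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return { kind: 'invalid' };
    return { kind: 'host', host: u.hostname.replace(/\.$/, '') };
  } catch {
    return { kind: 'invalid' };
  }
}

// Exact match or subdomain match on a label boundary, so "notexample.com"
// and "example.com.evil.test" do not match an allowed "example.com".
function hostAllowed(host, allowedDomains) {
  return allowedDomains.some((d) => {
    const domain = d.trim().toLowerCase();
    return domain !== '' && (host === domain || host.endsWith('.' + domain));
  });
}

// HTTP status for one image request: 200 to serve, 403 to block.
function hotlinkStatus(referer, { allowedDomains, allowEmptyReferer }) {
  const ref = parseReferer(referer);
  if (ref.kind === 'empty') return allowEmptyReferer ? 200 : 403;
  if (ref.kind === 'invalid') return 403;
  return hostAllowed(ref.host, allowedDomains) ? 200 : 403;
}

// Count requests per referring host, highest first, for a "top referrers" view.
function topReferrers(referers, limit = 5) {
  const counts = new Map();
  for (const r of referers) {
    const ref = parseReferer(r);
    const key = ref.kind === 'host' ? ref.host : `(${ref.kind})`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts].sort((a, b) => b[1] - a[1]).slice(0, limit);
}

// Constructed sample of Referer values seen at the edge.
const SAMPLE_REFERERS = [
  'https://scraper.test/gallery', 'https://scraper.test/gallery?p=2',
  'https://scraper.test/', 'https://www.example.com/post/1',
  'https://example.com/', '',
];
```

The Referer header is client-supplied and can be stripped by a Referrer-Policy or forged by non-browser clients, so a rule like this limits embedding on other sites' pages rather than authenticating requests.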
Customer Context
A customer on a 120k monthly visit plan was auto-upgraded after their Optimole usage spiked to 320k visits, despite their website traffic remaining flat. They are threatening to migrate to a competitor because they cannot see where the traffic is coming from (missing domain/referrer analytics) and cannot stop third-party sites from draining their quota (missing hotlink protection).
Root Cause Analysis
The root cause is a billing and trust gap: the customer is being charged for usage they cannot independently audit or control. Because Optimole handles image requests via its own CDN, the user's host access logs will not reflect hotlinked CDN hits. Without hotlink protection or domain-level traffic reporting on Optimole's end, the customer is left paying for potentially abusive third-party traffic with no tools to mitigate it.
Reasoning
The customer is complaining about unexpected traffic spikes causing automated billing upgrades, requesting hotlink protection and detailed usage reporting (referrers/domains) to audit and control the usage. Currently, Optimole does not offer hotlink protection or granular analytics, meaning users have no way to verify if CDN traffic is legitimate or block unauthorized domains from consuming their quota. A search of documentation and GitHub issues reveals no existing capabilities or tickets for this.
Source: HelpScout #3349505247
Generated by feature-request-triage workflow (ID: feature-request-triage_6a2ab1f7befe28.49171116)