Implemented controls

A clear boundary around crawler rendering.

Prerender Buddy fetches public website pages and serves rendered HTML through controlled request paths. This page describes controls visible in the current implementation and the responsibilities that remain with each customer.

This is a technical security overview, not a certification or independent security audit.

Implementation reviewed: July 13, 2026.

Current controls

What the service enforces today.

Account and service access

Account routes require Clerk authentication. Admin routes require a separate configured admin identity. Rendering-engine and cache operations require a server-side service token.

API key handling

Prerender Buddy stores an API key prefix and cryptographic hash rather than the complete key. Keys can be revoked from the account, and rendering requests are limited to sites registered in the same workspace.

Public URL validation

Rendering accepts HTTP and HTTPS URLs only, rejects embedded credentials, blocks local and private network destinations, validates DNS results, and applies request guards inside the browser context.

Bounded rendering work

Fresh render concurrency, navigation time, upstream response size, rendered HTML size, cache entries, and cache memory are bounded to reduce runaway work and oversized responses.

Rendering boundary

Public pages only.

Prerender Buddy is designed for public, cacheable website content rather than authenticated or personalized application routes.

Excluded by default

Non-GET requests, static assets, APIs, account pages, login and signup, admin, dashboard, checkout, billing, settings, and profile routes bypass crawler rendering in maintained integrations.

Customer-specific routes

Customers must keep any additional private, authenticated, personalized, preview, or sensitive routes outside the render path and avoid placing secrets in public URLs.

Known limitations

What these controls do not prove.

  • Crawler detection uses user-agent text. It does not authenticate a crawler operator by IP range or reverse DNS.
  • No public claim is made here for a security certification, penetration test, data-residency region, or formal uptime commitment.
  • Application-level URL validation is not a substitute for infrastructure-level egress controls and ongoing dependency maintenance.
  • A rendered response can reproduce public page content. Do not configure pages that expose account data, credentials, or private customer information.

Report a security concern

Send the affected URL, observed behavior, and reproduction steps.

Do not include passwords, complete API keys, or unrelated personal data in the report.

Email security