Image Origins

An “origin” is the location where the original images or web content are stored. An origin can be the URL of your web site, an online storage service such as Amazon S3 or Google Cloud Storage, or another third-party service. The only requirement is that the images stored at the origin be available through common internet protocols.

The URI schema for an origin looks like this:


With ImageEngine, an origin can be specified in two ways:

  1. Origin URL Prefixed

    The complete URL to the image can be prefixed with the Delivery Address.


    <img src="">


    <img src="">
  2. Origin Defined in Settings

    Origin can be mapped to a Delivery Address in the control panel. In that case, images can be referred to like this:

    <img src="//">


    <img src="//">

# Web Location

A web location is a location reachable by HTTP(S). The location can be identified by a domain name/hostname or IP address.

For example, if your website URL is and images are served from a sub folder,, the origin is

As illustrated above, a web location supports:

  • Authentication
    • Username and password:
  • Port
    • Port number (default is 80):
  • Path
    • Path or sub folders:

# Host Header

The web location origin may also be an IP address or other hostname which needs to be addressed with a different Host header in the HTTPS request. The Host header can be specified in the control panel.

# Amazon S3

ImageEngine also supports the S3 protocol for easy S3 integration.

In the control panel, simply choose S3 as the protocol and input your S3 bucket name, and any additional sub folders if needed.

S3 can also be set up as a web location. Your bucket should be available in your browser using this scheme for a host name:

https://<bucket><file>, alternatively https://s3-<location><bucket>/<file>

If you want to use HTTP, then select the HTTP radio button and type in the fully qualified hostname. Note that if you want HTTPS, you will need to use the notation with the bucket name in the path: s3-<location><bucket>/.

Make sure the contents of your bucket are publicly accessible by adding a bucket policy:

      "Principal": "*",
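A policy with `"Principal": "*"` opens whatever its statement lists to anyone, so it is worth checking that the public statement grants object reads only. The following is an added example, not ImageEngine's or AWS's code; the bucket name `example-bucket`, both sample policies and the function names are constructed for illustration.

```python
import json

# Constructed sample policies; "example-bucket" is a placeholder name.
NARROW = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadImages", "Effect": "Allow", "Principal": "*",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::example-bucket/images/*"}]}"""
BROAD = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicAll", "Effect": "Allow", "Principal": {"AWS": "*"},
  "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
  "Resource": ["arn:aws:s3:::example-bucket",
               "arn:aws:s3:::example-bucket/*"]}]}"""

# The only action an image origin has to expose to anonymous callers.
ALLOWED_PUBLIC_ACTIONS = {"s3:getobject"}  # IAM action names are case-insensitive


def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    """True for "Principal": "*" and for {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_public_statements(policy_json):
    """Return findings for Allow statements that are open to everyone."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in ALLOWED_PUBLIC_ACTIONS:
                findings.append(f"{sid}: anyone may call {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            # Object ARNs have a "/" after the bucket name; bucket ARNs and "*" do not.
            if "/" not in resource:
                findings.append(f"{sid}: public grant covers {resource}")
    return findings


if __name__ == "__main__":
    for name, doc in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name, audit_public_statements(doc) or "ok")
```

The check covers `Action` and `Resource` only; statements that use `NotAction` or `Condition` need a manual review.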

# Google Cloud Storage

Google Cloud Storage is considered a web location. If you have your images stored on Google Cloud, make sure the bucket is publicly available. Then you can define your origin with as the origin host, and the bucket name, and any sub folders in your bucket, as a path in the web location.

# Origin Configuration

ImageEngine usually has a cache hit rate in the high-90s, shielding the origin from most of the web traffic. Still, how the origin is configured has an impact on performance.

# Cache Control

ImageEngine reads the HTTP response headers from the origin. The cache-control header is especially important because it determines how long an object is kept in cache. A low time to live (TTL) in the origin response means more origin traffic, because ImageEngine’s copy of the image must be revalidated more frequently.

We recommend a TTL of at least one week (604,800 seconds). For example, this HTTP response header sets the cache TTL to one week:

cache-control: max-age=604800

The minimum allowed TTL is 1 hour. Values lower than 1 hour will be automatically increased to one hour.

The cache behavior can also be overridden in the control panel.

# Slow Responding Origins

Sometimes the origin is so slow that the request from ImageEngine times out, resulting in an error message. Make sure the origin is configured to respond as quickly as possible. Amazon S3 is known to be slow. In cases where you experience origin timeouts, the timeout limit can be adjusted.

# Origin security

If additional security is needed to shield the origin from DDoS attacks or other malicious activity, please reach out to our customer success team to explore the options. A Web Application Firewall (WAF) may be available at an additional cost.

In addition to username and password authentication, ImageEngine may support authentication through certificates, IP filters, access tokens, or other means depending on the situation.

SSL/TLS is supported by default. If desired, you can bring your own certificates.

Lastly, with ImageEngine you can implement Content-Security-Policies and Feature-Policies.