Advanced URL delivery options

Last updated: Apr-16-2023

Cloudinary offers a variety of advanced URL options for delivering your media assets.

Asset versions

By default, Cloudinary assigns a randomly generated unique public ID to each uploaded media asset. Alternatively, you can either define your own custom public ID or one based on the original file name of the uploaded image. If you upload an image with a public ID that already exists, the file will be overwritten. Keep in mind though that the CDN may already contain a previously cached copy of the older image.

To force the CDN to display the latest uploaded image, you can add a version component to Cloudinary's URLs. The version value is returned by Cloudinary as part of the response of the image upload, and represents the timestamp of the upload. Adding the version component to URLs can be done by setting the version parameter (v in URLs), for example:

sample image with version

As an alternative to using versions, you can set the invalidate parameter to true while uploading a new image in order to invalidate the previous image throughout the CDN. It usually takes between a few seconds and a few minutes for the invalidation to fully propagate through the CDN, while the version component takes effect immediately.

  • There are also a number of other important considerations when using the invalidate functionality. For example, if there is no version number in a URL that includes a folder structure, then by default, those URLs are not invalidated. For details on invalidating media assets, see Invalidating cached media assets on the CDN.
  • You cannot use 'v' followed by numeric characters as the name of a folder.

Error handling

If you have a problem when accessing a Cloudinary transformation URL (e.g., a blank result in your browser), it might be a simple matter of using the wrong transformation syntax. To understand more, check the X-Cld-Error HTTP response header which is where Cloudinary reports any errors it encounters (e.g., invalid syntax, invalid parameters, limit issues, etc.).

For example, trying to access the following URL would result in a X-Cld-Error: Invalid width - abc error, as the width parameter is used with an integer value and not a string:

To view the X-Cld-Error header on a Chrome browser for example, select Developers Tools from the View menu. Then select the Network tab, refresh your page, click on the image name with the 400 status code and look for X-Cld-Error under Response Headers.

Error report

You can also use the Cloudinary Console to see errors that have been generated from requests to your product environment via delivery URLs or API calls. To access the Error Report page click Reports > Error report.

Error report

You can export an error report for a specific day by selecting the date and clicking the Export to CSV link. An email is sent to you with a link to download the error report in CSV format.

Client-side asset lists

You can use the list delivery type to generate a JSON listing of all assets with a specified tag directly from your front-end code. Additional information is returned for each asset, including information on its format, type, dimensions, contextual metadata and structured metadata.

URL syntax:

The response is a JSON snippet listing all the resources of the specified resource type and the specified tag. For example, the request below generates a JSON list of all image resources in the demo project with the tag logo.

To generate the client-side lists using an SDK:

JSON response from the URL:

  • By default, the list delivery type is restricted. To enable it, open the Security Settings in your Cloudinar Console, and clear Resource list item under Restricted image types. You may want to clear this option only temporarily, as needed. Alternatively, you can bypass this (and any) delivery type restriction using a signed URL.
  • This option supports listing up to 1000 resources. To retrieve more than 1000, use the resources_by_tag property of the Admin API in server-side code, and include the next_cursor parameter to view long lists.
  • The JSON response is cached with a 60 second expiration policy. If you add or remove tags to assets, you'll be able to retrieve an updated JSON one minute after the previous JSON was generated.

Private CDNs and CNAMEs

The default Cloudinary shared CDN distribution is Thus, the default delivery URL for Cloudinary product environments uses the format:<cloud_name>/...

Cloudinary also supports private CDN distribution configurations. In this case, your asset delivery URL will follow the format:


For example:

Additionally, Cloudinary supports defining custom CNAMEs for relevant customers. In this case, your asset delivery URL will follow the format:

https://<your custom domain name>/...

For example:

Private CDN distributions and CNAMEs are available only for Cloudinary's Advanced plan and higher, and require a small setup on Cloudinary's side. An HTTPS-enabled CNAME also entails an additional cost. Contact us for more details.

SDK configuration for private CDNs and CNAMES

By default, when you use Cloudinary SDKs to generate delivery or transformation URLs, they generate them in the default format.

If you are using a private CDN or CNAME, make sure to define the private_cdn or secure_distribution/cname configuration parameter, so that the SDK will generate your URLs correctly.

For details, see Configuration parameters as well as the Installation and Configuration section of the relevant SDK guide.

Custom favicons

If your product environment is configured with a private CDN or CNAME, you can also set up a custom favicon. This favicon will be displayed whenever anyone views the assets you deliver in a separate tab. For example, note the custom Custom favicon logo in the browser tab of the following image:

Sample favicon

To set your custom favicon, upload a public .ico file called favicon.ico to the root folder of your product environment.

If you don't set a custom favicon, the default Cloudinary logo favicon is used.

Multi-CDN solutions

Different CDN solutions may provide better support for a particular CDN-based functionality that is important for your website or application, such as quick invalidations, video streaming capabilities, and more.

Alternatively, you may find that one CDN service best serves certain geographical markets, while another is significantly better for other locations. The same may be true for the same geography, but at different times of the day, or for a variety of other variables. Therefore, you could potentially optimize your page load time for each user by using different CDN services for different user requests.

If your account is on an Enterprise plan, you can optionally take advantage of one of the following solutions to ensure that your resources are delivered via the CDN that bests fits the needs of your application and your users:

  • Dynamic multi-CDN switching: Uses real-time data to automatically select the best performing or most appropriate of the supported CDN services for every user request. This automated CDN switching service routes users based on geography, HTTP round-trip-time (RTT), and a variety of other variables, and directs each user to a specific web server based on intersections between server load and geography, while avoiding CDNs that are experiencing temporary outages or lowered availability. It gathers this data on an ongoing basis so that it is ready to make the best real-time routing decision each time a request comes in.

    • Take a look at the Multi-CDN Demo page to see how long the same resource takes to deliver to your browser or to a variety of geographies via different CDN services, and how quickly you can deliver that same resource via the multi-CDN switching feature.
    • This service includes real-time monitoring that can provide insights about how improvements in your page load time influence user behavior KPIs such as visit length and conversions.
  • Smart CDN selection: Cloudinary experts help you determine which of the supported CDN services is the best fit for your required features and target audience. In some cases, it may even be determined that certain types of resources should be delivered through one CDN service, and the remainder through another. Additionally, if it's determined in the future that another CDN service could better serve your content, Cloudinary transparently implements the new configuration and mapping behind the scenes.

In both of the above options, Cloudinary handles the required CDN configurations and the mappings between CDN domains and the public Cloudinary domain, so that the resource URLs in your site or app never need to change.

These multi-CDN features are available only to Cloudinary customers with Enterprise plan accounts, and the dynamic multi-CDN switching feature affects pricing. Contact us for additional details.

Multiple sub-domains

The multiple sub-domains feature is no longer necessary with Cloudinary supporting the newer HTTP 2.0 protocol, since HTTP 2.0 supports concurrency by default.

Browsers currently limit the number of download requests they perform concurrently from each unique domain, which means that downloading many images from a single web page might be somewhat slow. To overcome this limitation, Cloudinary supports downloading images via multiple sub-domains, which means you can spread your image downloads between the different sub-domains, resulting in a much improved web browsing speed.

The improvement applies only to image requests over HTTP and it is not recommended to use multiple sub-domains together with HTTPS: opening an HTTPS connection requires more time than opening an HTTP connection (several round trips are needed to perform the encryption handshake).

Cloudinary supports the default res sub-domain, as well as the res-1 through res-5 sub-domains, as a prefix to the host name. Mapping between a specific image (by public ID) and the six different sub-domains (res plus res-1 through res-5) should be consistent in order to ensure that the browsers can correctly cache the images. For example, referencing a certain image once via 'res-1' and then again via 'res-2' will bypass browser caching and download the image twice.

For example, the sample image delivered via the res-4 sub-domain:

When using one of Cloudinary's framework SDKs, you can also automatically enable delivering images from the res-1 through res-5 sub-domains by setting the cdn_subdomain parameter to true, either globally (e.g., in the CLOUDINARY_URL environment variable) or locally in each call. Note that the Cloudinary SDKs automatically map individual images consistently to the same sub-domain using a CRC32 based code of the image's public ID.

You can also use multiple sub-domains when using a custom domain (CNAME) by prepending the a1 through a5 sub-domains, as a prefix to the host name, for example:


CNAMEs are available only for Cloudinary's Advanced plan and higher, and requires a small setup on Cloudinary's side. Furthermore, the sub-domains need to be defined in the DNS settings of the domain name. Contact us for more details.

For more information on using sub-domains, see the Reduce site load time with multiple CDN sub-domains article.

SEO-friendly media asset URLs

Image and video URLs are specified in the source code of HTML pages and are leveraged by search engines to understand the media asset's content. Concise and descriptive image and video file names are better for search engines to extract information about a media file, therefore supporting your site's SEO ranking.

SEO starts with the ability to define custom public IDs while uploading media assets which can be as descriptive as necessary. Cloudinary can help make your image and video URLs more SEO friendly in a few other ways:

For more information on creating SEO friendly URLs, see the article on How to dynamically create SEO-friendly URLs for your site's images.

Root path URLs

The Root Path URL feature allows you to create shorter image URLs for delivering uploaded images. The default Cloudinary resource delivery URL includes the resource type and type parameters, for example, /image/upload. With Cloudinary's Root Path URL feature, the resource type and type parameters are set to the default values 'image' and 'upload' respectively, which means that any URL without the resource type and type parameters will automatically default to using those values.

For example, the default delivery URL for the sample image in JPEG format is normally:

The delivery URL using the Root Path URL feature for image uploads is:

Both the URLs above deliver the same uploaded image.

Dynamic SEO suffixes

The dynamic SEO suffixes feature allows you to dynamically add a descriptive suffix to the Public ID in the delivery URL. This can be useful:

  • If the asset was not given a suitable Public ID during the upload process.
  • To support different languages for describing a single asset.
  • To reflect specific content on certain pages.

Using this feature when delivering a URL does not incur additional transformation counts as the suffix is resolved on the CDN layer.

Even when transformations are applied, if you deliver the identical transformation URL multiple times, where only the SEO suffix differs, then only the first delivered (or eagerly generated) of those URLs, regardless of SEO suffix, is charged for initially generating the transformed asset.

To add a dynamic SEO suffix, the asset type and delivery type elements of the URL need to be merged into a single component:

  • For assets stored using the upload delivery type:
    • replace /image/upload with /images
    • replace /video/upload with /videos
    • replace /raw/upload with /files
  • For private image uploads, replace /image/private with /private_images
  • For authenticated image uploads, replace image/authenticated with /authenticated_images.

Afterwards, any custom suffix can then be dynamically appended to the Public ID by adding a slash (/) and the SEO name.

Currently, private and authenticated videos do not support SEO suffixes.

For example the default delivery URL for the t8sn7wg4jd74j image in JPEG format is:

The delivery URL with the suffix basketball-game added to the Public ID is:

In the URL below, the same image is given a suffix in Spanish:

All the URLs above deliver the same uploaded image.

Generating URLs with SEO suffixes using SDKs

To generate a URL with an SEO suffix using an SDK, pass the relevant url_suffix/suffix configuration parameter. The SDK will then generate the URL with correct merged asset type & delivery type component and append the specified suffix.

The example below shows a URL with multiple chained transformations and a Spanish SEO suffix.

Spanish SEO suffix


You can also make your URLs more SEO friendly by using a custom domain (CNAME) for your URLs instead of the shared The dynamic SEO suffix and CNAME features can also be used together, for example:


CNAMEs are available for Cloudinary's Advanced plan and higher, and requires a small setup on Cloudinary's side. For more information, see Private CDNs and CNAMEs.

Using a default image placeholder

Default images can be used in the case that a requested image does not exist. For example, a site that automatically stores user profile pictures with the same name as the user themselves, allowing you to reference the pictures by user name (unless the user has not uploaded a profile picture yet). Specify a default image to use with the default_image parameter (d in URLs) and the public ID + format of a previously uploaded image, for example, d_placeholder.png to use the image with the public ID of placeholder as the default image. Any requested transformations are also applied on the default image as well.

For example, to use the PNG image called avatar as a default image in the case that the image called non_existing_id does not exist:

avatar used as default image when requested image does not exist

The same example as above, but with transformation parameters applied to scale down to 200 pixels wide and rotate by 45 degrees:

avatar used as default image when requested image does not exist

If the default image is in a folder, specify its public ID replacing slashes with colons (e.g., an image with public ID docs/placeholders/samples/avatar.png should be referenced as d_docs:placeholders:samples:avatar.png). The intended image should be specified with slashes as normal. For example:

avatar used as default image when requested image does not exist

If the requested image does not exist and the default placeholder image is delivered instead, the x_cld_error header will also be included in the response.

Generating delivery URL signatures

Cloudinary delivery URLs require a signature component under the following circumstances:

  • Authenticated media assets - all assets uploaded with their resource_type set to authenticated
  • Dynamic transformations with strict transformations enabled - this only applies to generating and then delivering new derived assets dynamically (on the fly).
  • Dynamic transformations with certain add-ons - this only applies if the add-on has never been used with the asset before. If you use a Cloudinary add-on that supports on-the-fly activation of the add-on capability in a transformation URL, check the relevant add-on documentation for the signature requirements.

  • The signature component is automatically generated and added to the URL when you use one of Cloudinary's SDK helper methods you include the sign_url boolean parameter set to true.
  • api_secret, which is a required element of in signature generation, should never be revealed to anyone who is not authorized, and therefore your signature should never be generated on the client side or inside your native application.

To manually create a signed delivery URL, you also need to create a signature component of the format /s--SIGNATURE--/ that is based on the Public ID and any transformations or version number you use in the rest of the delivery URL. The SIGNATURE is the first 8 characters of a URL-safe base64 message digest (hash value) created with an SHA (Secure Hash Algorithm) cryptographic function.

By default, Cloudinary supports both SHA-1 and SHA-256 digests for validation, and you can use either. The SDK methods use the SHA-1 algorithm by default, but you can use the SHA-256 algorithm instead by setting the signature_algorithm SDK configuration parameter to sha256. If you want to limit your account to allow only the SHA-256 digest for all your validations, submit a request.

To generate the URL signature:

  1. Create a single string including all of the directives for the asset to deliver: any transformation parameters, the version number, the public_id, and file extension that will be used in the delivery URL, separating each component with slashes (/) (this string is exactly equivalent to the components of the delivery URL that will come after the signature).
  2. Append your API secret to the end of the string.
  3. Create a URL-safe base64 message digest (hash value) of the string using an SHA cryptographic function.

For example, if your API secret is abcd, and you need to generate a signature for the sample image scaled to 300x250, with a grayscale effect (w_300,h_250,e_grayscale), and delivered as a PNG:

  • Parameters to sign:
    • w_300,h_250,e_grayscale
    • sample.png
  • Parameters in a single string joined with a slash:
    • w_300,h_250,e_grayscale/sample.png
  • String including the API secret that is used to create the signature:
    • w_300,h_250,e_grayscale/sample.pngabcd
  • SHA-1 base64 result:
    • INQUGuluWsGzxkcBaITPo7KMKic
  • First 8 characters to use as URL signature:
    • INQUGulu
  • Full signature component including prefix and suffix:
    • s--INQUGulu--

The final delivery URL including the signature:,h_250,e_grayscale/sample.png

An example of the above in Ruby:

See also: Have a look at the Cloudinary Signatures quick reference for a summary of the payload string to sign for delivery URL signatures as well as information on other use cases that may require signature generation.

✔️ Feedback sent!

Rate this page: