What security measures are available to prevent misuse of my account?

Cloudinary offers a large variety of settings and features that help you prevent misuse of your account and assets.

Security settings in the Console

When considering account security, you'll probably want to start by checking out the options in the Security tab of the Console settings. Keep in mind that these settings are at the product environment level, and should be reviewed for every product environment in your account.

• Strict transformations: Prevents people from freely generating transformations on-the-fly that could count against your account's transformation quota. When this option is turned on, only signed transformations, pre-generated eager transformations, or those specifically set as allowed, either programmatically or in the Console, can be delivered. You can also optionally define specific domains that are allowed to generate unsigned on-the-fly transformations that can be delivered even when the strict transformations option is turned on. Learn more about strict transformations.
  
• Restricted media types: Similar to strict transformations, but restricts on-the-fly delivery of specific features that might sometimes be misused. Like strict transformations, if you select any of these features or delivery types, then those types of URLs can be delivered only as signed URLs or if they are pre-generated as eager transformations.
• Allowed fetch domains: As an additional protection against people using your account to transform and deliver assets that are fetched from remote locations, you can define specific domains and sub-domains from which fetched assets can be delivered. If you don't mark Fetched URL as a globally restricted media type (using the option above), then it's a good idea to list the specific domains from which your product environment can deliver fetched media. Learn more about delivering fetched media.
• Add-on transformations: By default, all transformations that use add-ons must be signed. This prevents unauthorized users from using your add-on quotas. It's usually recommended to keep this default setting. If this is not a concern, or if you want to temporarily simplify generating add-on transformations while experimenting for example, you can allow generating unsigned add-on transformations by selecting the specific add-ons you want to allow. Learn more about Cloudinary add-ons.
• Usage of tags/context/structured metadata in transformation URLs: By default this is allowed and enables you to do things like creating URLs with conditions or user-defined variables based on an asset's stored metadata. However, that means the values of metadata stored with your assets can be exposed in the URL. If you have sensitive information stored in those metadata fields, you may want to disable this option.
• PDF and ZIP file delivery: While Cloudinary offers a variety of valuable PDF and archive-related features, it's also important to keep in mind that PDF and ZIP (or other archived) files can potentially contain malicious content. If you aren't actively using Cloudinary's PDF or archive delivery capabilities, you can block this option to help ensure that these types of malicious content can't be delivered from your account. This option is disabled by default for free accounts.
• Allowed Admin API and Console IP addresses: You can restrict the set of allowed IP addresses from which Admin API calls can be made or from which a user can log into the Cloudinary Console.

Other security options

In addition to the security settings mentioned above, you can also take advantage of the security features below:

• Authenticated/signed uploads: Uses a backend-generated signature based on your product environment API key, API secret, the specific upload parameters, and a timestamp to authenticate each uploaded asset. Learn more about authenticated requests.
• Moderation and malware detection add-ons: Cloudinary offers a set of moderation and malware add-ons that enable you to programmatically detect assets that contain unacceptable or dangerous content and potentially block them from being delivered and/or implement any other special handling of such cases. This is especially valuable for user-generated content. Each asset that's evaluated by one or more of these add-ons are assigned an approved, pending, or rejected moderation status, enabling programmatic handling and/or for your teams to optionally manually review or override the programmatically assigned status. Learn more about our protection-category add-ons.
• Response and notification signatures: Every API and webhook response includes a signature. You can set up your backend app to validate notification or response signatures before using them.
• Incoming transformations: You can take advantage of incoming transformations to ensure that user-generated content meets required standards, such as resizing files that exceed predefined file sizes or resolutions. This can ensure that your user-generated content doesn't waste your storage quota. Learn more about incoming transformations.
• ACL Blocklisting or Allowlisting delivered assets: Paid plans can submit a support request to either block or allow access to delivered assets by things such as Domain, IP, Country code, Path, User-Agent, Referer, and Content Type (Mime Type). Learn more about access control listings.