Allow traffic
Verify site ownership and authorize CacheBoost requests using a security token header.
CacheBoost needs to reach your site to warm it. Instead of managing IP addresses, CacheBoost identifies itself with a per-site security token sent on every request. Configure your WAF, CDN, or firewall to allow requests that carry this header.
Site verification
When you register a site, CacheBoost gives you a validation_token. Choose one of the two methods below, then click Verify in the dashboard.
Method 1: HTML file
Create a file named {validation_token}.html at the root of your site:
https://www.example.com/a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4.htmlThe file must return HTTP 200. Its content is not checked. You can delete it after verification.
Method 2: Meta tag
Add a <meta> tag to the <head> of your homepage:
<meta name="cacheboost-token" content="YOUR_VALIDATION_TOKEN" />CacheBoost fetches your homepage and checks for this tag. The token must match exactly.
Security token header
CacheBoost sends the X-CacheBoost-Token header on all warm-up requests and sitemap downloads. Whitelist this header in your firewall, CDN, or WAF to authorize CacheBoost traffic.
Find your token
Go to My Sites in the dashboard and click the key icon next to your site. Your header value is displayed ready to copy:
X-CacheBoost-Token: YOUR_SECURITY_TOKENConfigure your firewall / WAF / CDN
Create a rule that bypasses blocking or rate-limiting for requests where X-CacheBoost-Token matches your site's token. The exact steps depend on your provider — consult its documentation for header-based allowlist rules.
You can regenerate your token at any time from the key icon menu. Update your firewall rule whenever you regenerate it.
Test the configuration
Trigger a run manually from the dashboard or via POST /v1/sites/{siteId}/boosts/{boostId}/run. Check the run results — a successful fetch for each URL confirms CacheBoost traffic is getting through.