Protect media requests


How to make sure that your Sitecore server only responds to valid image-scaling requests.

Applies to: All core roles

Sitecore Installation Framework: Media requests not protected by default.

Azure Toolkit: Media requests not protected by default.

The media request protection feature restricts media URLs that contain dynamic image-scaling parameters, so that only server-generated requests are processed. This ensures that the server only spends resources and disk space on valid image-scaling requests.

To make your solution more secure and get the most out of the Sitecore media request protection feature, make a small change to the Sitecore.Media.RequestProtection.config file.

To optimize the media request protection feature:

  • Patch the /App_Config/Sitecore/CMS.Core/Sitecore.Media.RequestProtection.config file and change the Media.RequestProtection.SharedSecret setting to a random string.


In a multi-server setup, you must use the same value for the Media.RequestProtection.SharedSecret setting on every server. This ensures that dynamic image scaling works correctly in situations where one server generates the image URL and another handles the request.
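
One way to carry out the step above, as an added example that is not part of the original page or Sitecore's own code: a PowerShell script that generates a random value once and writes a patch file setting Media.RequestProtection.SharedSecret. The patch file name, the 32-byte length and the -Secret parameter for reusing a value on further servers are assumptions.

```powershell
# Added example, not Sitecore's own code. Assumed: patch file name, 32-byte length.
param(
    # Hypothetical output path; put the file where your solution keeps config patches.
    [string]$PatchPath = '.\Media.RequestProtection.SharedSecret.config',
    # Reuse an existing value so every server in a multi-server setup shares it.
    [string]$Secret
)

function New-SharedSecret {
    param([int]$ByteCount = 32)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # Hex output avoids characters that would need XML escaping.
    -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

if (-not $Secret) { $Secret = New-SharedSecret }
# Escape in case a caller-supplied value contains &, <, > or quotes.
$escaped = [System.Security.SecurityElement]::Escape($Secret)

$patch = @"
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <settings>
      <setting name="Media.RequestProtection.SharedSecret">
        <patch:attribute name="value">$escaped</patch:attribute>
      </setting>
    </settings>
  </sitecore>
</configuration>
"@

Set-Content -Path $PatchPath -Value $patch -Encoding UTF8

# Print a short fingerprint, not the secret, so servers can be compared safely.
$sha = [System.Security.Cryptography.SHA256]::Create()
$digest = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Secret))
$sha.Dispose()
'SharedSecret fingerprint: ' + (-join ($digest[0..7] | ForEach-Object { $_.ToString('x2') }))
```

Run it once without -Secret, then deploy the resulting file unchanged to every server; a matching fingerprint on each server confirms they hold the same value.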