🆒 Your use case
When first-party proxy mode is enabled, the proxy URL path includes the actual third-party hostname verbatim. For example:
- PostHog:
/_scripts/p/us.i.posthog.com/e/?...
- Umami (self-hosted):
/_scripts/p/analytics.internal.example.com/api/send?...
This is particularly problematic for self-hosted services like Umami: the proxy path leaks the user's internal domain (analytics.internal.example.com) to the public, exposing private infrastructure details that should never appear in client-facing URLs.
Even for SaaS services, exposing the raw hostname:
- Makes requests detectable by ad-blockers that inspect URL patterns
- Reveals which third-party services a site uses to any network observer
- May conflict with corporate firewall policies blocking known tracking domains
🆕 The solution you'd like
Hi @harlan-zw, rather than offering a half-baked solution based on my limited knowledge and AI assistance, I’d prefer to leave the implementation details to your expertise. By the way, really appreciate your hard work.
🔍 Alternatives you've considered
No response
ℹ️ Additional info
No response
🆒 Your use case
When first-party proxy mode is enabled, the proxy URL path includes the actual third-party hostname verbatim. For example:
/_scripts/p/us.i.posthog.com/e/?.../_scripts/p/analytics.internal.example.com/api/send?...This is particularly problematic for self-hosted services like Umami: the proxy path leaks the user's internal domain (
analytics.internal.example.com) to the public, exposing private infrastructure details that should never appear in client-facing URLs.Even for SaaS services, exposing the raw hostname:
🆕 The solution you'd like
Hi @harlan-zw, rather than offering a half-baked solution based on my limited knowledge and AI assistance, I’d prefer to leave the implementation details to your expertise. By the way, really appreciate your hard work.
🔍 Alternatives you've considered
No response
ℹ️ Additional info
No response