An “Origin” is the location where the original images or web content is stored. It is necessary to specify the Origin, as ImageEngine uses this information to allow an Engine to access the origin's content through its delivery address.
For an example of an origin, if your website URL is
https://example.com and images are served from a subfolder,
https://example.com//images/cat.jpg, the origin is
Any web server which is accessible over HTTP or HTTPS can be configured as an origin in ImageEngine. This allows you to use ImageEngine's real-time image optimization and transformation features on all existing images.
An origin can be the URL of your website, an online storage service like Amazon S3, or Google Cloud Storage, or other 3rd party services. The only requirement is that the images stored at the origin be available through common internet protocols.
The origin page lists the registered Origin servers for the ImageEngine account. You can edit the configuration from the “Edit” button. If you want to delete an Origin, make sure that it is not used by any Engines.
Creating a new Origin
New Origins may be created directly from the Origin list, accessible from the sidebar, or while editing the configuration of an existing Engine.
When creating a new origin, we require the user to select the protocol used for the Origin, the Origin host address (whether that be a Fully Qualified Domain Name(FQDN) or an IP address), or bucket name (only in the case of Amazon S3). Finally, a name for the record is required.
For the Techies out there, the URI schema for an Origin looks like this:
Once the required information is added, click "Create Origin" to save the record.
Under “Show Advanced Options” you will find options that vary depending on the protocol selected.
Web location (HTTP and HTTPS)
Alternate Host Header
If the Origin host or IP serves multiple sites, domains or for another purpose requires a specific host header, this may be entered in the Alternate Host Header field.
The value of the Alternate Host Header field is required to be a fully qualified domain name as documented here.
Username and Password
If the user and password verification are required for the origin, you may enter these credentials here.
Path and Port
By default, images can be referenced from the root of the specified origin location. If you have a deep hierarchy of sub-folders, a path can be added to the Origin. ImageEngine will then treat that path as the root of the Origin.
You may also specify a specific Port for ImageEngine to use when accessing the Origin.
Using the S3 protocol
ImageEngine also supports S3 protocol for easy S3 integration. S3 is available for AWS or Wasabi origins.
If you have images stored in an AWS S3 bucket, choose S3:// (AWS) as the protocol and input your S3 bucket name, and any additional subfolders if needed.
If your S3 bucket is on Wasabi, choose S3:// (Wasabi).
If using the S3 protocol, the only Advanced setting available is specifying the path to the required content if it is required.
S3 as a web location
S3 can also be set up as a web location. For this, the bucket must be available in your browser using this scheme for a hostname:
<https://<bucket>.s3.amazonaws.com/<file> , alternatively
If you want to use HTTP, then select HTTP from the drop-down and type in the fully qualified hostname. Note that if you want HTTPS, you will need to use the notation with the bucket name in the path: s3-<location>.amazonaws.com/<bucket>/.
Ensure the contents of your bucket are publicly accessible by adding a bucket policy:
For S3 on Wasabi, follow the same procedure, just change the hostname, like wasabisys.com.
Google Cloud Storage
Google Cloud Storage is treated as a web location. If you have your images stored on Google Cloud, make sure the bucket is publicly available. Then you can define your Origin with storage.googleapis.com as the Origin host, and the bucket name and any sub-folders in your bucket, as the path in the web location.
Editing an Existing Origin
Clicking an Engine’s edit button will bring up its settings.
Here you can change the Origin’s name and URL if needed
Under “Show Advanced Options” you will find the option to set alternate host headers, specify a specific username and password for ImageEngine to use when accessing the origin, as well as specifying a particular path or port.
Below the Origin Details, a table is presented listing the engines, if any that are using the origin.
Below this is the “Danger Zone” here you may delete the Origin.
However, this action cannot be taken when the origin is in use.
Always make sure to save any changes you make to the origin!
ImageEngine usually has a cache hit rate in the high-90s, shielding the origin from most of the web traffic. Still, how the origin is configured has an impact on performance.
ImageEngine reads the HTTP response headers from the origin. The
cache-control header is especially important as it determines how long an object is kept in the cache. A low time to live (TTL) defined in the origin response, means more origin traffic because ImageEngine’s copy of the image must be revalidated more frequently.
We recommend a TTL of at least one week (604,800 seconds). For example, this HTTP response header sets the cache TTL to one week:
The minimum allowed TTL is 1 hour. Values lower than 1 hour will be automatically increased to one hour.
The cache behavior can also be overridden in the control panel.
Slow Responding Origins
Sometimes the origin is so slow that the request from ImageEngine times out, resulting in an error message. Make sure the origin is configured to respond as quickly as possible. Amazon S3 is known to be slow. In cases where you experience origin timeouts, the timeout limit can be adjusted.
If additional security is needed to shield the origin from DDOS attacks or other malicious activity, please reach out to our customer success team to explore the options. Web Application Firewall (WAF) may be available at an additional cost.
In addition to username and password authentication, ImageEngine supports authentication through certificates, IP filters, access tokens, or other means depending on the situation.
SSL/TLS is supported by default. We support custom certificates in enterprise agreements only.
Lastly, with ImageEngine you can implement Content-Security-Policies and Feature-Policies.