PhotoPrism® Pro includes the following additional config options, as well as more secure default settings to protect your instance by blocking vulnerability scanners and preventing the exploitation of newly discovered issues:

Environment CLI Flag Default Description
PHOTOPRISM_DISABLE_STS --disable-sts disable HTTP Strict-Transport-Security (STS) header pro
PHOTOPRISM_STS_SECONDS --sts-seconds 31536000 TIME for the browser to remember that the site is to be accessed only via HTTPS (0 to disable) pro
PHOTOPRISM_STS_SUBDOMAINS --sts-subdomains rule applies to all subdomains as well pro
PHOTOPRISM_STS_PRELOAD --sts-preload submit to Google's HSTS preload service pro
PHOTOPRISM_REQUEST_LIMIT --request-limit 500 maximum number of concurrent HTTP REQUESTS allowed from a single IP pro
PHOTOPRISM_REQUEST_INTERVAL --request-interval 5ms average DURATION between HTTP requests from a single IP (0-1000ms) pro
PHOTOPRISM_LOGIN_LIMIT --login-limit 10 maximum number of consecutive failed LOGIN ATTEMPTS from a single IP pro
PHOTOPRISM_LOGIN_INTERVAL --login-interval 1m0s average DURATION between failed LOGIN attempts from a single IP (0-86400s) pro
PHOTOPRISM_IPS_LIMIT --ips-limit 3 maximum number of malicious request ATTEMPTS before a client IP is blocked (-1 to disable) pro
PHOTOPRISM_IPS_INTERVAL --ips-interval 1h0m0s average DURATION between malicious request attempts from a single IP (0-86400s) pro
PHOTOPRISM_HTTP_CSP --http-csp HTTP Content-Security-Policy (CSP) HEADERpro
PHOTOPRISM_HTTP_CTO --http-cto nosniff HTTP X-Content-Type-Options HEADERpro
PHOTOPRISM_HTTP_COOP --http-coop same-origin HTTP Cross-Origin-Opener-Policy (COOP) HEADERpro
PHOTOPRISM_HTTP_REFERRER_POLICY --http-referrer-policy same-origin HTTP Referrer-Policy HEADERpro
PHOTOPRISM_HTTP_FRAME_OPTIONS --http-frame-options DENY HTTP X-Frame-Options HEADERpro
PHOTOPRISM_HTTP_XSS_PROTECTION --http-xss-protection 1; mode=block HTTP X-XSS-Protection HEADERpro
PHOTOPRISM_HTTP_HOSTNAME --http-hostname serve requests for this HOSTNAME only pro

Using a Reverse Proxy

Advanced users can alternatively set the security headers listed above in combination with a reverse proxy running in front of their instances if they have special requirements. Please note, however, that our team can only provide you with limited technical support in this case and we only recommend this if you have the experience required.

PhotoPrism® Documentation

For detailed information on specific product features, services, and related resources, see our Knowledge Base, or read the User Guide for help using the web user interface: