Contact usRequest a demo

Managing restricted resources without the SecureFlow Manager

While the Unblu SecureFlow Manager (SFM) is the high path to managing protected, session-based or encrypted resources in an embedded co-browsing session, there are alternatives for at least three cases where internal resources are being used.

This page lists options and alternatives to manage resources without the SFM. “Protected” means that resources require authentication.

Resource Type Availability without SFM Availability with SFM Workaround

Static & Public



Not required

Static & Protected



Possible (Case A)

Dynamic / Session-based & protected



Possible (Case B)

Encrypted URL




Dynamic & Public



Similar to case B


To manage access to resources for the Agent Desk without the SecureFlow Manager:

Case A

Resources can be provided to agent browser through the following mechanisms:

  • The Bank needs to ensure that the same resources are internally available under a different, internal URL, without the need to authenticate. This is often possible for images and CSS files that aren’t of a confidential nature.

  • The Unblu server can be configured to rewrite the original resources URL to an internal URL (host). The agent browser will access the resources from the internal resource as opposed to the protected external path.

  • For the re-writing, the Unblu server provides configuration properties to rewrite resource patterns automatically:


Case B

Session-specific resources (images only) can be provided to the agent browser through the following mechanism:

  • The instrumented web application must provide access to the relevant resource by providing it on another URL/host—​either by providing an alternative path or a copy on an alternative path.

  • The e-banking (instrumented application) must feature logic in which all session specific resources are assigned a new, additional source attribute called unbluSrcReplacement AND the alternative internal URL.

  • For all agent requests, the Unblu recorder recognizes the unbluSrcReplacement attribute and ensures that the agent browser loads the resource from this alternative URL as opposed to the original URL.


  • The application has a dynamic (or session-based) image:

    <img id="chartData" src="session-specific-url-to-image"/>

  • The application (or an internal network component) provides access to that image through an internal URL, i.e. “agent-side-url”

  • The application (instrumented webpage) modifies the image element as follows:

    <img id="chartData" src="session-specific-url-to-image" unbluSrcReplacement="agent-side-url"/>