HEY Image Proxy

Documentation for the HEY Image Proxy bot that protects user privacy by proxying images in emails.


The HEY Image Proxy is a caching image proxy service that fetches images on behalf of HEY email users. When users view emails containing external images, the proxy fetches those images so that the original image host cannot track the user’s IP address, location, or email viewing activity. This protects user privacy.

The proxy only fetches images that are explicitly referenced in emails viewed by HEY users. It does not crawl websites, follow links, or index content.

The User-Agent always begins with the identifier hey.com/imageproxy. The full User-Agent string is:

hey.com/imageproxy Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36

When fetching images, the proxy sends the following headers.

Header              Value
User-Agent          hey.com/imageproxy Mozilla/5.0 ...
sec-ch-ua           "hey.com/imageproxy";v="1.0", "Not:A-Brand";v="24"
sec-ch-ua-mobile    ?0
sec-ch-ua-platform  "Linux"
Accept              */*
Accept-Language     en-US,en;q=0.9
X-Request-Id        Unique UUID for request tracing

What the proxy does

  • Fetches individual images: Only requests specific image URLs that appear in emails viewed by HEY users.
  • Caches responses: Stores fetched images temporarily to reduce load on origin servers.
  • Respects HTTP caching: Honors Cache-Control, ETag, Last-Modified, and Expires headers.
  • Follows redirects: Follows HTTP redirects (301, 302, etc.) to retrieve the final image.
  • Validates content type: Only accepts image content types (image/*), rejecting HTML, scripts, and other non-image content.

What the proxy does not do

  • Does not crawl: Never follows links or discovers new URLs on its own.
  • Does not index: Does not store or index content for search purposes.
  • Does not execute scripts: Ignores JavaScript and does not render pages.
  • Does not fetch non-images: Rejects responses that are not valid images.
  • Does not send referrer information: Does not leak information about where the image was referenced.

Requests originate from the following hostname:

gopher.hey.com

The IP addresses may change over time. We recommend allowing traffic based on the User-Agent pattern rather than IP addresses alone.

The proxy does not implement aggressive retry logic. If a request fails or is rate-limited, it will return an error to the user rather than repeatedly hammering the origin server.

Image hosts can safely rate-limit requests from this proxy, and a 429 Too Many Requests response will be respected.

The proxy enforces strict content validation:

  • Maximum file size: 128 MB
  • Allowed content types: image/* (JPEG, PNG, GIF, WebP, etc.)
  • Blocked content types: HTML, JavaScript, SVG (due to script execution risks), and all non-image types

To verify a request is from the HEY Image Proxy:

  • Check that the User-Agent header starts with hey.com/imageproxy.
  • Check that sec-ch-ua contains "hey.com/imageproxy".
  • Optionally, verify the request originates from gopher.hey.com via reverse DNS lookup.
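The three checks above can be combined on the image host's side as follows. This is an added example, not HEY's code: the function names and outcome labels are hypothetical, and the forward-confirmation step (resolving the PTR name back to the client address) is an assumption that goes beyond the page's plain reverse DNS lookup. The resolvers are injectable so the logic can be exercised with constructed DNS answers.

```python
import ipaddress
import socket

PROXY_TOKEN = "hey.com/imageproxy"   # identifier given on the page
PROXY_HOST = "gopher.hey.com"        # hostname given on the page

def headers_match(headers):
    """Both header checks from the page; header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}
    return (h.get("user-agent", "").startswith(PROXY_TOKEN)
            and f'"{PROXY_TOKEN}"' in h.get("sec-ch-ua", ""))

def system_ptr(ip):
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def rdns_match(ip, ptr=system_ptr, forward=system_forward):
    """PTR must name the proxy host and that name must resolve back to ip.
    The forward step is an assumption added here: a PTR record alone is
    controlled by whoever owns the address block."""
    try:
        addr = ipaddress.ip_address(ip)
        name = ptr(ip).rstrip(".").lower()
        if name != PROXY_HOST:
            return False
        return addr in {ipaddress.ip_address(a) for a in forward(name)}
    except (OSError, ValueError):
        return False

def classify(headers, ip, ptr=system_ptr, forward=system_forward):
    """Labels are hypothetical: 'verified', 'headers-only', 'not-hey-proxy'."""
    if not headers_match(headers):
        return "not-hey-proxy"
    return "verified" if rdns_match(ip, ptr, forward) else "headers-only"

if __name__ == "__main__":
    # Constructed sample request and constructed DNS answers;
    # 192.0.2.10 is a documentation address, not a real proxy IP.
    sample = {"User-Agent": PROXY_TOKEN + " Mozilla/5.0 (X11; Linux x86_64)",
              "Sec-CH-UA": '"hey.com/imageproxy";v="1.0", "Not:A-Brand";v="24"'}
    print(classify(sample, "192.0.2.10",
                   lambda ip: "gopher.hey.com.", lambda name: ["192.0.2.10"]))
```

A "headers-only" result means the request carries the proxy's headers but its source address did not confirm as gopher.hey.com, which is the case the optional reverse DNS step exists to catch.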

Allowing the HEY Image Proxy benefits both image hosts and email recipients:

  • Privacy protection: HEY users’ IP addresses and viewing habits are not exposed to image hosts.
  • Reduced tracking: Prevents email open tracking via tracking pixels.
  • Legitimate traffic: Represents real users viewing your images in their email.
  • Caching reduces load: The proxy caches images, reducing repeated requests to your server.
  • Standards compliant: Respects HTTP caching headers and rate limiting.

Blocking this proxy results in broken images for HEY email users, degrading their experience when viewing emails that contain images hosted on your servers.
