Suspicious HTTP Requests

Hello. I have my Ghost installation behind Cloudflare, and, well to say the least the configuration is adequate. I noticed while tinkering with the configuration that when I visit the /ghost/#/signin path in my browser it makes several suspicious looking HTTP requests to various domains:

  2. [redacted]
  3. [redacted] - There are nearly 100 of these

These requests mostly appear to be downloading images or favicons for … maybe other Ghost websites? I tried blocking the URLs via Cloudflare but they went through anyway, but uBlock origin on the client was able to stop them from going through.

A few important details:

  1. I’m using DNS over HTTPS on Firefox;
  2. I do not have any unofficial themes or plugins installed;
  3. The requests appear to be 200 and while rsms is downloading font files, the subpabase url is downloading and caching a bunch of webp files in my browser.;
  4. I tried visiting the website on another device and the same requests were made, indicating this is not likely to be a browser or client error.
  5. Referrer is listed as

Does anyone have any idea what these requests are and how I might disable them for my website visitors?

Does anyone have any idea what these requests are?

I don’t see the Algolia requests when I try the same URL request on my Ghost blog, that’s that’s a website search engine tool.

It seems is used as part of featuring some other Ghost blogs from Ghost Explore on the admin dashboard. appears to a personal blog. Perhaps it’s related to a specific site that was recommended to you from Ghost Explore, somewhat randomly.

how I might disable them for my website visitors?

The page you visited it /ghost/#/signin is not a page for for your visitors, it’s where you login to your own admin area. If you are concern about third-party requests affecting your website visitors, you should check pages that the public visits, not your admin area.

The Configuration documentation on privacy documents a few things you can turn off if you wish:

Today, those include “update check”, “gravatar”, “RPC Ping” and “Structured Data”.

That page links to another page on Ghost Privacy which adds some details:

But that link is out of date. A more accurate link is here:

@Kevin Could you forward a suggestion to the right person to update the Privacy config docs to use an evergreen link to

@developer Also see this post: You don’t have to use the dashboard. You can bookmark other admin features and go straight there. Is there a way to disable / bypass the dashboard?

Thank you for your reply. After closer inspection it appears that the requests were being sent from the ghost explore tab, which apparently loads content even before the user is logged in. The search engine is the search function on the page.

Please note my previous statement regarding Unsplash was incorrect.