Use the IP whitelist and proxy/CDN options when trusted systems need to bypass protection or when the store sits behind Cloudflare, a reverse proxy, or a load balancer.

Whitelist trusted IPs

Add one IP address or CIDR range per line in the whitelist field. Whitelisted traffic is treated as trusted, so only add services you control.

203.0.113.10
198.51.100.0/24

Proxy and CDN handling

Proxy Support is included in the free version as a simple checkbox that turns on trust for X-Forwarded-For and similar proxy headers. The Pro version replaces the checkbox with a three-mode dropdown: Auto-detect (recommended), Always On (trusts generic proxy headers), and Off (uses the direct connection only).

Common mistakes

• Whitelisting a shared office, VPN, or hosting range that is not fully trusted.
• Leaving proxy support off when every request reaches WordPress from the CDN IP.
• Enabling Strict mode before confirming the detected shopper IP is correct.

Related

See API Keys for Headless or Custom Checkout for trusted server-side integrations and Troubleshooting Blocked Orders and False Positives when proxy detection causes false positives.