URL must be http(s) and not private/localhost
How to fix the Scrnpix API error when the target URL resolves to a private, localhost, or non-HTTP address.
When Does This Happen?
This error occurs when the url parameter points to a private IP address, localhost, link-local address, or uses a non-HTTP protocol. Scrnpix blocks these addresses to prevent server-side request forgery (SSRF) attacks.
Reproduce This Error
curl -H "X-KEY: your-api-key" \ "https://api.scrnpix.com/screenshot?url=http%3A%2F%2Flocalhost%3A3000"
URL must be http(s) and not private/localhost
How to Fix
- 1Use a publicly accessible URL that resolves to a public IP address
- 2Make sure the URL uses http:// or https:// protocol (not ftp://, file://, etc.)
- 3If testing locally, deploy your site to a public host or use a tunneling service
- 4Avoid private IP ranges: 10.x.x.x, 172.16-31.x.x, 192.168.x.x, 127.x.x.x
Correct Request
curl -H "X-KEY: your-api-key" \ "https://api.scrnpix.com/screenshot?url=https%3A%2F%2Fexample.com" \ --output screenshot.png
200 OK — returns the screenshot as a PNG image
Related Errors
Frequently Asked Questions
Why does Scrnpix block private URLs?
Scrnpix blocks private and localhost URLs to prevent SSRF (Server-Side Request Forgery) attacks. These protections ensure the API cannot be used to access internal services or private networks.
Which IP ranges are blocked?
Scrnpix blocks localhost (127.x.x.x), private ranges (10.x.x.x, 172.16-31.x.x, 192.168.x.x), link-local (169.254.x.x), CGNAT (100.64-127.x.x), IPv6 ULA (fc/fd), and multicast addresses. DNS resolution is validated via Cloudflare DNS-over-HTTPS.
Still Having Issues?
Check your API key and subscription status in the dashboard, or explore our language guides for integration examples.
Go to Dashboard