Allowlist / Denylist
FreshAntigravity uses a two-layer security system to control which URLs the browser subagent can access.
Denylist (Server-Side)
- Powered by Google Superroots BadUrlsChecker service
- Runs server-side -- no local configuration needed
- Denies by default if the service is unavailable
WARNING
The denylist always takes precedence over the allowlist. Even if you explicitly allowlist a URL, it will be blocked if it appears on Google's denylist.
Allowlist (Local)
- Stored as a local text file
- Initialized with localhost by default
- Non-allowlisted URLs prompt an "always allow" button when accessed
Managing the Allowlist
| Action | How |
|---|---|
| Add a URL | Click "always allow" when prompted, or manually add to the allowlist file |
| Remove a URL | Edit the allowlist file directly |
Security Precedence
URL requested
--> Check Denylist (server-side)
--> BLOCKED: URL is denied (no override possible)
--> ALLOWED: Check Allowlist (local)
--> ALLOWED: URL is on allowlist, proceed
--> NOT LISTED: Prompt user with "always allow" optionTIP
For development, the default localhost allowlist is usually sufficient. Add your staging and production domains as needed.