Allowlist Standard
Proxy Interceptor // Compliance Layer

DATE: 2026-02-15

1. Introduction

This standard defines the mandatory procedures for configuring request filtering on all outbound proxy gateways. Failure to comply is a critical security violation.

2. Domain Filtering Rules

All domains must be explicitly allowlisted. Wildcards are permitted only for subdomains of verified internal services.

ALLOWED:
- *.engram-internal.net
- api.stripe.com (Payment Gateway)
- aws.amazon.com (Infrastructure)

BLOCKED:
- * (Default Deny)
- social-media-apis.*
- unsecured-http://*
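
An added example, not part of the standard itself, of how a gateway could evaluate the rules above in Python. The function name `is_allowed` and the sample URLs are assumptions; the host entries are the ones listed in this section. It shows default deny, the HTTPS-only rule, and wildcard matching that accepts only true subdomains.

```python
from urllib.parse import urlsplit

# Entries taken from the ALLOWED list in this section.
EXACT_HOSTS = {"api.stripe.com", "aws.amazon.com"}
# "*.engram-internal.net" is stored with its leading dot so that a
# look-alike such as "evil-engram-internal.net" cannot match the suffix.
WILDCARD_SUFFIXES = (".engram-internal.net",)


def is_allowed(url: str) -> bool:
    """Return True only on an explicit allowlist match (default deny)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased, userinfo and port removed
    except ValueError:
        return False  # malformed URL: deny
    # "unsecured-http://*" is blocked, so only https is accepted.
    if parts.scheme != "https" or not host:
        return False
    # Reject empty labels (leading, trailing or doubled dots).
    if not all(host.split(".")):
        return False
    if host in EXACT_HOSTS:
        return True
    # A wildcard matches subdomains only, never the bare parent domain.
    for suffix in WILDCARD_SUFFIXES:
        if host.endswith(suffix) and len(host) > len(suffix):
            return True
    # Everything else, including social-media-apis.*, falls through to deny.
    return False


if __name__ == "__main__":
    # Constructed sample URLs, not taken from real traffic.
    samples = [
        "https://build.engram-internal.net/artifacts",
        "https://api.stripe.com/v1/charges",
        "http://api.stripe.com/v1/charges",
        "https://engram-internal.net/",
        "https://evil-engram-internal.net/",
        "https://api.stripe.com.attacker.example/",
        "https://api.stripe.com@attacker.example/",
    ]
    for url in samples:
        print("ALLOW" if is_allowed(url) else "DENY ", url)
```

The host is taken from the parsed URL rather than matched as a substring, so a URL that merely contains an allowed name in its userinfo or as a prefix of another domain is denied.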

3. Header Sanitization

The proxy must strip all identifying headers that are not strictly required for the transaction. User-Agent should be normalized.

APPROVAL NOTE: SEC-LEVEL-3 RELEASE STATUS REMAINS VALID ONLY WHILE THESE CONTROLS ARE ACTIVE IN PRODUCTION.