Signing pagespeed resource URLs
Restricting and Controlling PageSpeed optimization rewriting
Note: New feature as of 188.8.131.52
PageSpeed can be set to automatically cryptographically sign and verify resource URLs. Turning on resource signing will cause any resource requested without the proper signature to return
404 Not Found or
403 Forbidden depending upon the
InPlaceResourceOptimization setting. This option can be used to reduce the attack surface for denial of service attacks.
pagespeed UrlSigningKey signature_key_string
Resource signing can also be turned on, but not enforced, which may be used for the transition period of moving a site from unsigned resourced to signed resources. In this mode, signed URLs are generated and accepted, as well as URLs with no signature and URLs with invalid signatures.
pagespeed AcceptInvalidSignatures true
This directive can be used at the server level.