1
Step 1: Generate a Secret Subdomain
To hide your true origin on your managed platform, you first need to create a secret, unguessable subdomain.
- Generate a Random String: Use a secure tool to generate a random hex string (e.g., from an online UUID4 generator like
uuidgenerator.net). Example:a7c3f1b9d4e84f5a8c7b6e2d1f0a9b3c. - Form Your Secret Subdomain: Combine the random string with your domain. Example:
a7c3f1b9d4e84f5a8c7b6e2d1f0a9b3c.example.com.
2
Step 2: Connect Your Platform to the Secret Subdomain
Log in to your managed platform (e.g., Shopify) and follow their instructions to connect a custom domain. When they ask for DNS settings, use your **secret subdomain **created during Step 1.
- In your DNS provider, create a new
CNAMErecord. - Set the Host/Name to your random string (e.g.,
a7c3f1b9d4e84f5a8c7b6e2d1f0a9b3c). - Set the Value/Target to the hostname your platform provides (e.g.,
shops.myshopify.com). - Go back to your platform’s dashboard and wait for them to verify the connection. This is a crucial step.
3
Step 3: Add Your Main Domain to Kyvic
In your Kyvic Console, go to Services → Aegis → Protected Domains, then add your main, public-facing domain (for example,
www.example.com).When adding your domain, you’ll need to tell Kyvic where your website is hosted. For the origin hostname, enter your full secret subdomain from Step 1 (e.g., a7c3f1b9d4e84f5a8c7b6e2d1f0a9b3c.example.com).Our platform will then provide you with the necessary DNS records for the next steps.4
Step 4: Point Your Main Domain to Kyvic
Now for the final DNS change, where you make the protection live. You will point your main public domain (e.g.,
www.example.com) to the Kyvic Aegis network.- Log in to your domain registrar or DNS provider (e.g., GoDaddy, Cloudflare).
- Find the DNS record for your
wwwsubdomain. If one doesn’t exist, create it. - Update the record to the following settings:
- Type:
CNAME - Name:
www - Target/Value:
aegis.kyvic.com
- Type:
5
Step 5: Activate Your SSL Certificate
To keep your site secure with HTTPS, we need to verify your domain ownership.
- In your Kyvic Console, navigate through Services → Aegis → Protected Domains → DNS Configuration. On the DNS Configuration tab, you should see one or two TXT records with names such as
_acme-challenge. - Copy these TXT records and add them to your DNS provider. This is a one-time verification step to confirm ownership of your domain.
- Once you’ve added the records, our system will automatically detect them and issue a free SSL certificate for your domain. The certificate is fully managed, so you don’t need to worry about renewals or expiration.
6
Step 6 (Recommended): Use Relative Paths for All Internal Resources
While most managed platforms handle this automatically, if you’re editing your site’s theme or adding any custom code (HTML, CSS, or JavaScript), we strongly recommend using relative paths for all your resources. This includes links, images, stylesheets, scripts, and API calls.
HTML / JSX
- ✅ Good:
<a href="/about-us"> - ❌ Bad:
<a href="https://your-site.com/about-us">
CSS
This applies to@import rules and url() functions for fonts or background images.- ✅ Good:
body { background-image: url('/images/background.jpg'); } - ❌ Bad:
body { background-image: url('https://your-site.com/images/background.jpg'); }
JavaScript & API Calls
This is critical for Single Page Applications (SPAs).- ✅ Good:
fetch('/api/data'); - ❌ Bad:
fetch('https://your-site.com/api/data');
7
Step 7: Verifying Your Setup
Once DNS propagation is complete, a “Protected” badge will appear next to your domain, showing that your site is now safeguarded against harmful bots and AI scrapers.
Although the process can take up to 48 hours, it typically completes within a few minutes to a couple of hours.
That's it! Your are all set!
🥳 Congratulations, your website is now protected by Kyvic Aegis.