HTTPS required for images
Signal enforces HTTPS for images. An HTTP og:image URL is silently ignored, even if the page itself is HTTPS:
<!-- Won't work -->
<meta property="og:image" content="http://example.com/images/preview.jpg">
<!-- Will work -->
<meta property="og:image" content="https://example.com/images/preview.jpg">
The URL must also be absolute. Signal won’t resolve /images/preview.jpg against the page URL.
iOS-specific image bugs
There are known issues with og:image on Signal iOS. Images that work on Android and Desktop sometimes fail on iOS, and the behavior is intermittent and version-dependent. If you hit this:
- Verify the image returns proper
Content-Typeheaders (image/jpeg,image/png) - Check the file size is under 500KB
- Try a different image URL to rule out a URL-specific issue
Range request support
Signal downloads images using overlapping range requests through its privacy proxy. Your server must return 206 Partial Content when a Range header is present. Most servers handle this by default, but some CDN configs strip Range headers.
If your server returns 200 OK instead of 206, Signal may fail to assemble the image.
CDN and bot protection
Signal’s privacy proxy can trigger bot-detection or hotlink-protection rules. Watch for:
- Hotlink protection requiring a specific
Refererheader - Bot detection (Cloudflare, Akamai) challenging non-browser requests
- Signed URLs that expire before the proxy fetches them
- Geo-blocking on the proxy’s IP range
Diagnosis
- Open the
og:imageURL directly in a browser - Confirm the URL is absolute HTTPS
- Confirm JPEG, PNG, WebP, or GIF (not SVG)
- Test range request support:
bash curl -H "Range: bytes=0-1023" -A "WhatsApp/2" https://example.com/images/preview.jpg -I - Compare behavior across Signal iOS, Android, and Desktop to isolate platform-specific issues