diff --git a/app/Http/Controllers/SubscriptionController.php b/app/Http/Controllers/SubscriptionController.php
index 4205b36..8cc0213 100644
--- a/app/Http/Controllers/SubscriptionController.php
+++ b/app/Http/Controllers/SubscriptionController.php
@@ -45,8 +45,8 @@ class SubscriptionController extends Controller
         $checkout = $checkoutBuilder
             ->collectTaxIds()
             ->checkout([
-                'success_url' => url('/subscriptions/success'),
-                'cancel_url' => url('/subscriptions/error'),
+                'success_url' => front_url('/subscriptions/success'),
+                'cancel_url' => front_url('/subscriptions/error'),
                 'billing_address_collection' => 'required',
                 'customer_update' => [
                     'address' => 'auto',
diff --git a/app/Http/Middleware/AuthenticateJWT.php b/app/Http/Middleware/AuthenticateJWT.php
index 7fc10ef..8cbc86b 100644
--- a/app/Http/Middleware/AuthenticateJWT.php
+++ b/app/Http/Middleware/AuthenticateJWT.php
@@ -8,6 +8,7 @@ use Tymon\JWTAuth\Exceptions\JWTException;
 
 class AuthenticateJWT
 {
+    const API_SERVER_SECRET_HEADER_NAME = 'x-api-secret';
 
     /**
      * Verifies the JWT token and validates the IP and User Agent
@@ -24,6 +25,13 @@ class AuthenticateJWT
 
         // Validate IP and User Agent
         if ($payload) {
+            if ($frontApiSecret = $request->header(self::API_SERVER_SECRET_HEADER_NAME)) {
+                // If it's a trusted SSR request, skip the rest
+                if ($frontApiSecret === config('app.front_api_secret')) {
+                    return $next($request);
+                }
+            }
+
             $error = null;
             if (!\Hash::check($request->ip(), $payload->get('ip'))) {
                 $error = 'Origin IP is invalid';
diff --git a/app/Jobs/Form/StoreFormSubmissionJob.php b/app/Jobs/Form/StoreFormSubmissionJob.php
index 8361f04..198bb2c 100644
--- a/app/Jobs/Form/StoreFormSubmissionJob.php
+++ b/app/Jobs/Form/StoreFormSubmissionJob.php
@@ -164,14 +164,14 @@ class StoreFormSubmissionJob implements ShouldQueue
             return null;
         }
 
-        if(filter_var($value, FILTER_VALIDATE_URL) !== FALSE && str_contains($value, parse_url(config('app.url'))['host'])) {  // In case of prefill we have full url so convert to s3
+        if(filter_var($value, FILTER_VALIDATE_URL) !== false && str_contains($value, parse_url(config('app.url'))['host'])) {  // In case of prefill we have full url so convert to s3
             $fileName = basename($value);
             $path = FormController::ASSETS_UPLOAD_PATH . '/' . $fileName;
             $newPath = Str::of(PublicFormController::FILE_UPLOAD_PATH)->replace('?', $this->form->id);
             Storage::move($path, $newPath.'/'.$fileName);
             return $fileName;
         }
-        
+
         if($this->isSkipForUpload($value)) {
             return $value;
         }
diff --git a/app/Models/Forms/Form.php b/app/Models/Forms/Form.php
index aaf280f..53c4039 100644
--- a/app/Models/Forms/Form.php
+++ b/app/Models/Forms/Form.php
@@ -157,12 +157,12 @@ class Form extends Model implements CachableAttributes
         if ($this->custom_domain) {
             return 'https://' . $this->custom_domain . '/forms/' . $this->slug;
         }
-        return '/forms/' . $this->slug;
+        return front_url('/forms/' . $this->slug);
     }
 
     public function getEditUrlAttribute()
     {
-        return url('/forms/' . $this->slug . '/show');
+        return front_url('/forms/' . $this->slug . '/show');
     }
 
     public function getSubmissionsCountAttribute()
diff --git a/app/Models/Template.php b/app/Models/Template.php
index 59c42e3..45fa38f 100644
--- a/app/Models/Template.php
+++ b/app/Models/Template.php
@@ -48,7 +48,7 @@ class Template extends Model
 
     public function getShareUrlAttribute()
     {
-        return url('/form-templates/'.$this->slug);
+        return front_url('/form-templates/'.$this->slug);
     }
 
     public function setDescriptionAttribute($value)
diff --git a/app/Notifications/ResetPassword.php b/app/Notifications/ResetPassword.php
index 9edd12f..5260531 100644
--- a/app/Notifications/ResetPassword.php
+++ b/app/Notifications/ResetPassword.php
@@ -17,7 +17,7 @@ class ResetPassword extends Notification
     {
         return (new MailMessage)
             ->line('You are receiving this email because we received a password reset request for your account.')
-            ->action('Reset Password', url('password/reset/'.$this->token).'?email='.urlencode($notifiable->email))
+            ->action('Reset Password', front_url('password/reset/'.$this->token).'?email='.urlencode($notifiable->email))
             ->line('If you did not request a password reset, no further action is required.');
     }
 }
diff --git a/app/Notifications/Subscription/FailedPaymentNotification.php b/app/Notifications/Subscription/FailedPaymentNotification.php
index f50a93f..dcb3970 100644
--- a/app/Notifications/Subscription/FailedPaymentNotification.php
+++ b/app/Notifications/Subscription/FailedPaymentNotification.php
@@ -36,6 +36,6 @@ class FailedPaymentNotification extends Notification implements ShouldQueue
             ->line(__('Please go to OpenForm, click on your name on the top right corner, and click on "Billing".
             You will then be able to update your card details. To avoid any service disruption, you can reply to this email whenever
             you updated your card details, and we\'ll manually attempt to charge your card.'))
-            ->action(__('Go to OpenForm'), url('/'));
+            ->action(__('Go to OpenForm'), front_url('/'));
     }
 }
diff --git a/app/Service/Forms/Webhooks/DiscordHandler.php b/app/Service/Forms/Webhooks/DiscordHandler.php
index 559de29..f7529f5 100644
--- a/app/Service/Forms/Webhooks/DiscordHandler.php
+++ b/app/Service/Forms/Webhooks/DiscordHandler.php
@@ -27,7 +27,7 @@ class DiscordHandler extends AbstractWebhookHandler
             $externalLinks[] = '[**🔗 Open Form**](' . $this->form->share_url . ')';
         }
         if(Arr::get($settings, 'link_edit_form', true)){
-            $editFormURL = url('forms/' . $this->form->slug . '/show');
+            $editFormURL = front_url('forms/' . $this->form->slug . '/show');
             $externalLinks[] = '[**✍️ Edit Form**](' . $editFormURL . ')';
         }
         if (Arr::get($settings, 'link_edit_submission', true) && $this->form->editable_submissions) {
diff --git a/app/Service/Forms/Webhooks/SlackHandler.php b/app/Service/Forms/Webhooks/SlackHandler.php
index 5b2faf6..f237efa 100644
--- a/app/Service/Forms/Webhooks/SlackHandler.php
+++ b/app/Service/Forms/Webhooks/SlackHandler.php
@@ -27,7 +27,7 @@ class SlackHandler extends AbstractWebhookHandler
             $externalLinks[] = '*<' . $this->form->share_url . '|🔗 Open Form>*';
         }
         if(Arr::get($settings, 'link_edit_form', true)){
-            $editFormURL = url('forms/' . $this->form->slug . '/show');
+            $editFormURL = front_url('forms/' . $this->form->slug . '/show');
             $externalLinks[] = '*<' . $editFormURL . '|✍️ Edit Form>*';
         }
         if (Arr::get($settings, 'link_edit_submission', true) && $this->form->editable_submissions) {
diff --git a/app/helpers.php b/app/helpers.php
new file mode 100644
index 0000000..e287b47
--- /dev/null
+++ b/app/helpers.php
@@ -0,0 +1,11 @@
+<?php
+
+function front_url($path = '')
+{
+    $baseUrl = config('app.front_url');
+    if (!$baseUrl) {
+        return $path;
+    }
+
+    return rtrim($baseUrl, '/'). '/' . ltrim($path, '/');
+}
diff --git a/client/components/pages/forms/show/EmbedFormAsPopupModal.vue b/client/components/pages/forms/show/EmbedFormAsPopupModal.vue
index 28c3f4e..eba53e2 100644
--- a/client/components/pages/forms/show/EmbedFormAsPopupModal.vue
+++ b/client/components/pages/forms/show/EmbedFormAsPopupModal.vue
@@ -103,6 +103,7 @@
 
 <script setup>
 import { ref, defineProps, computed } from 'vue'
+import {appUrl} from "~/lib/utils.js";
 
 const { copy } = useClipboard()
 const crisp = useCrisp()
@@ -135,7 +136,7 @@ let embedPopupCode = computed(() => {
     width: advancedOptions.value.width
   }
   previewPopup(nfData)
-  return '<script async data-nf=\'' + JSON.stringify(nfData) + '\' src=\'' + embedScriptUrl + '\'></scrip' + 't>'
+  return '<script async data-nf=\'' + JSON.stringify(nfData) + '\' src=\'' + appUrl(embedScriptUrl) + '\'></scrip' + 't>'
 })
 
 onMounted(() => {
diff --git a/client/composables/useOpnApi.js b/client/composables/useOpnApi.js
index 92ac699..99d9a5f 100644
--- a/client/composables/useOpnApi.js
+++ b/client/composables/useOpnApi.js
@@ -18,13 +18,18 @@ function addPasswordToFormRequest(request, options) {
 }
 
 export function getOpnRequestsOptions(request, opts) {
+  const config = useRuntimeConfig()
+
   opts.headers = {accept: 'application/json', ...opts.headers}
 
+  // Authenticate requests coming from the server
+  if (process.server && config.apiSecret) {
+    opts.headers['x-api-secret'] = config.apiSecret
+  }
+
   addAuthHeader(request, opts)
   addPasswordToFormRequest(request, opts)
 
-  const config = useRuntimeConfig()
-
   return {
     baseURL: config.public.apiBase,
     onResponseError({response}) {
diff --git a/client/lib/utils.js b/client/lib/utils.js
index 60385b8..bcb4bb0 100644
--- a/client/lib/utils.js
+++ b/client/lib/utils.js
@@ -13,3 +13,21 @@ export const hash = (str, seed = 0) => {
 
   return 4294967296 * (2097151 & h2) + (h1 >>> 0);
 }
+
+export const appUrl = (path = '/') => {
+  let baseUrl = useRuntimeConfig().public.appUrl
+  if (!baseUrl) {
+    console.warn('appUrl not set in runtimeConfig')
+    return path
+  }
+
+  if (path.startsWith('/')) {
+    path = path.substring(1)
+  }
+
+  if (!baseUrl.endsWith('/')) {
+    baseUrl += '/'
+  }
+
+  return baseUrl + path
+}
diff --git a/client/pages/index.vue b/client/pages/index.vue
index b1a2a4c..b1f0f18 100644
--- a/client/pages/index.vue
+++ b/client/pages/index.vue
@@ -86,11 +86,11 @@
           class="w-full mt-12 relative px-6 mx-auto max-w-4xl sm:px-10 lg:px-0 z-10 flex items-center justify-center"
         >
           <div
-            class="-m-2 rounded-xl bg-blue-900/5 p-2 backdrop-blur-sm ring-1 ring-inset ring-blue-900/10 lg:-m-4 lg:rounded-2xl lg:p-4"
+            class="-m-2 rounded-xl bg-blue-900/5 p-2 backdrop-blur-sm ring-1 ring-inset ring-blue-900/10 lg:-m-4 lg:rounded-2xl lg:p-4 w-full"
           >
-            <NuxtImg src="/img/pages/welcome/product-cover.jpg" placeholder
-                     sizes="320px sm:650px lg:900px"
-                 alt="Product screenshot" loading="lazy" class="rounded-md shadow-2xl ring-1 ring-gray-900/10"
+            <NuxtImg src="/img/pages/welcome/product-cover.jpg"
+                     sizes="320px sm:650px lg:896px"
+                 alt="Product screenshot" loading="lazy" class="rounded-md w-full shadow-2xl ring-1 ring-gray-900/10"
             />
           </div>
         </div>
diff --git a/client/runtimeConfig.js b/client/runtimeConfig.js
index d7a4bf5..7cb4b21 100644
--- a/client/runtimeConfig.js
+++ b/client/runtimeConfig.js
@@ -13,5 +13,10 @@ export default {
     s3Enabled: process.env.NUXT_PUBLIC_S3_ENABLED || false,
     paidPlansEnabled: process.env.NUXT_PUBLIC_PAID_PLANS_ENABLED || false,
     customDomainsEnabled: process.env.NUXT_PUBLIC_CUSTOM_DOMAINS_ENABLED || false,
-  }
+  },
+
+  /**
+   * Used to authenticate that the requests are coming from the server - not from a client.
+   */
+  apiSecret: process.env.NUXT_API_SECRET || '',
 }
diff --git a/composer.json b/composer.json
index a72810e..95b9f69 100644
--- a/composer.json
+++ b/composer.json
@@ -80,7 +80,10 @@
       "App\\": "app/",
       "Database\\Factories\\": "database/factories/",
       "Database\\Seeders\\": "database/seeders/"
-    }
+    },
+    "files": [
+      "app/helpers.php"
+    ]
   },
   "autoload-dev": {
     "psr-4": {
diff --git a/config/app.php b/config/app.php
index 065725d..bf0d7a0 100644
--- a/config/app.php
+++ b/config/app.php
@@ -56,6 +56,15 @@ return [
 
     'asset_url' => env('ASSET_URL', null),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Application Client (Nuxt Front-end)
+    |--------------------------------------------------------------------------
+    */
+
+    'front_url' => env('FRONT_URL', null),
+    'front_api_secret' => env('FRONT_API_SECRET', null),
+
     /*
     |--------------------------------------------------------------------------
     | Application Timezone
diff --git a/resources/views/vendor/mail/text/message.blade.php b/resources/views/vendor/mail/text/message.blade.php
index c667fab..e2e0026 100644
--- a/resources/views/vendor/mail/text/message.blade.php
+++ b/resources/views/vendor/mail/text/message.blade.php
@@ -2,7 +2,7 @@
     {{-- Header --}}
     @slot('header')
         @if (!(isset($noBranding) && $noBranding))
-            @component('mail::header', ['url' => config('app.url')])
+            @component('mail::header', ['url' => front_url()])
                 {{ config('app.name') }}
             @endcomponent
         @endif