Heroku has no native static IP, and its add-ons (QuotaGuard, Fixie) are US companies. Get a fixed pair of EU IPs from an EU-based, GDPR-compliant, sovereign provider. Set one env var and your dynos are covered.
# heroku config:set
HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443
# app.py
import requests
r = requests.get(
"https://api.partner.eu/data",
headers={"Authorization": "Bearer .."}
)
Heroku dynos get dynamic egress from rotating AWS pools, the platform has no native static IP feature, and every existing add-on is a US company. If you care about EU data residency, that leaves a gap.
Heroku itself does not offer a fixed outbound IP. Dynos pull from dynamic AWS IP pools that rotate constantly. If a partner API or firewall only allows known addresses, your Heroku app gets blocked.
The static IP ecosystem on Heroku, QuotaGuard and Fixie, are both US-based. Your proxy traffic routes through US infrastructure, which doesn't solve the GDPR data-residency side for EU teams.
Heroku announced a "sustaining engineering model" in 2025: no new features, no new enterprise clients. Relying on its add-on ecosystem for something as critical as your outbound identity feels increasingly uncertain.
Even if you use a Heroku add-on for a static IP, none of them are EU companies. Your data flows through US-owned proxy infrastructure, which doesn't satisfy teams that need a sovereign, EU-resident provider for their outbound traffic.
"Your static IP add-on routes through a US company. Can we get a sovereign EU one?"
You need an EU-based, GDPR-compliant provider, not another US middleman on a platform in sustaining mode.
Heroku dyno
OutboundGateway
(EU company, GDPR)
Partner API
Your Heroku dynos get a fixed pair of EU IP addresses from an EU-based company that is GDPR-compliant by default. Two IPs with automatic failover, no US middleman.
heroku config:set and your existing code starts routing through it. No dyno restart needed.
Currently using QuotaGuard or Fixie on Heroku but need a sovereign, EU-based, GDPR-compliant alternative.
Running Heroku Connect integrations with Salesforce or partner APIs that enforce IP allowlisting, who want an EU egress.
Running EU products on Heroku that need GDPR-aligned outbound access from a fixed EU address, not a US add-on.
Preparing to leave Heroku's sustaining-engineering model and want an IP provider that follows them to any platform.
Set HTTPS_PROXY with heroku config:set. Your dynos pick it up on the next request. No dyno restart, no add-on install.
This is the same pattern as setting a QuotaGuard or Fixie URL, except your proxy is an EU company. Set it once and every dyno uses it.
# Set the proxy on your Heroku app
heroku config:set HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443
# Your existing code works as-is
import requests
# requests honours HTTPS_PROXY from the environment automatically
r = requests.get(
"https://api.partner.eu/data",
headers={"Authorization": "Bearer .."},
)
print(r.status_code) # 200, from your fixed EU IP
In Node, pass the proxy explicitly with https-proxy-agent.
// heroku config:set HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443
const { HttpsProxyAgent } = require('https-proxy-agent');
const agent = new HttpsProxyAgent(process.env.HTTPS_PROXY);
// Every request leaves through your fixed EU IP
const res = await fetch('https://api.partner.eu/data', {
headers: { 'Authorization': 'Bearer ..' },
agent,
});
Two EU IPs, no add-on dependency
Your account comes with two static IP addresses (for example 51.xx.xx.10 and 51.xx.xx.11). Both are in EU data centres owned by an EU company. If one proxy node is briefly unavailable, traffic shifts to the other automatically. No Heroku add-on involved, so you're not dependent on a third-party add-on provider's uptime.
📖 Want the longer version? Worked examples, error handling, and other languages are in the Python SSL Proxy Guide, Node.js Guide, and the rest of the docs.
OutboundGateway is an EU company. Heroku and its add-ons are not. That matters when your compliance team asks who handles your outbound traffic.
OutboundGateway is incorporated and operated in the EU. Your proxy traffic is handled by a company within your regulatory jurisdiction, not a US provider behind a Heroku add-on.
TLS passes straight through, so the proxy never decodes your API tokens or request payloads. Being an EU company means GDPR applies natively, with no cross-border data-transfer mechanism to negotiate.
The proxy runs in EU data centres. Your Heroku dynos' outbound traffic leaves from European infrastructure, not from a US add-on provider's servers.
If you migrate off Heroku later, your IPs follow you. The proxy is a config var, not a Heroku add-on, so it works on any platform you move to.
An EU-based provider, not a US add-on. GDPR applies natively, with no cross-border transfer to negotiate.
Set one heroku config:set. No add-on install, no third-party uptime to depend on, no dyno restart.
TLS passthrough means the proxy never sees your traffic. Being an EU company means GDPR is the default, not an afterthought.
Heroku is in sustaining mode. OutboundGateway works on any platform, so your IPs follow you if you migrate.
TLS passthrough means the proxy can't read your traffic. Tokens and request data stay private the whole way.
Starting from €29/month. Flexible plans for every scale. Cancel anytime.
Replace your US add-on with an EU company. Set one config var and your outbound traffic routes through two fixed EU IPs, GDPR-compliant by default.
€29/month starter plan • 7-day refund policy • Direct founder support
QuotaGuard and Fixie are both US companies. OutboundGateway is an EU company with GDPR compliance by default and sovereign EU infrastructure. If your compliance team needs an EU-based, EU-jurisdiction provider for your outbound proxy traffic, the US add-ons don't satisfy that requirement. You also avoid the add-on dependency entirely: it's just a heroku config:set, no add-on install.
Yes. Setting HTTPS_PROXY is independent of any Heroku add-on. You can run it alongside your existing add-ons and switch traffic over gradually, then remove the old add-on once you've confirmed the new IPs are whitelisted everywhere.
Your IPs follow you. Because OutboundGateway is a config var, not a Heroku add-on, the same HTTPS_PROXY value works on any platform you move to, whether that's a VPS, Kubernetes, or another PaaS. Your partners don't need to update their allowlists.
Happy to talk through how a two-IP EU egress replaces your Heroku add-on, whether you're staying on Heroku or planning a migration.
Contact Our Founders →