diff --git a/server/models/systemSettings.js b/server/models/systemSettings.js
index e4c0f949965bb72bf6aebc978698920a1cd9a688..9809a716e5cf4b6b49b080e114b7e718f0f846ec 100644
--- a/server/models/systemSettings.js
+++ b/server/models/systemSettings.js
@@ -2,6 +2,7 @@ process.env.NODE_ENV === "development"
   ? require("dotenv").config({ path: `.env.${process.env.NODE_ENV}` })
   : require("dotenv").config();
 
+const { isValidUrl } = require("../utils/http");
 const prisma = require("../utils/prisma");
 
 const SystemSettings = {
@@ -18,8 +19,10 @@ const SystemSettings = {
   validations: {
     footer_data: (updates) => {
       try {
-        const array = JSON.parse(updates);
-        return JSON.stringify(array.slice(0, 3)); // max of 3 items in footer.
+        const array = JSON.parse(updates)
+          .filter((setting) => isValidUrl(setting.url))
+          .slice(0, 3); // max of 3 items in footer.
+        return JSON.stringify(array);
       } catch (e) {
         console.error(`Failed to run validation function on footer_data`);
         return JSON.stringify([]);
diff --git a/server/utils/http/index.js b/server/utils/http/index.js
index 084b09c7ed7b5ee807569ea39a9649c1a3f1cac6..eedc33154085f5f066e76faffd71922489102df6 100644
--- a/server/utils/http/index.js
+++ b/server/utils/http/index.js
@@ -68,6 +68,15 @@ function safeJsonParse(jsonString, fallback = null) {
   return fallback;
 }
 
+function isValidUrl(urlString = "") {
+  try {
+    const url = new URL(urlString);
+    if (!["http:", "https:"].includes(url.protocol)) return false;
+    return true;
+  } catch (e) {}
+  return false;
+}
+
 module.exports = {
   reqBody,
   multiUserMode,
@@ -77,4 +86,5 @@ module.exports = {
   userFromSession,
   parseAuthHeader,
   safeJsonParse,
+  isValidUrl,
 };