Security overview
Netlify can meet the complex security and compliance needs of Enterprises and cross-functional teams with customizable access to production and preview sites, SAML SSO login, SCIM provisioning, role-based access control, Firewall traffic rules, and more.
# Check your security posture
If you have an Enterprise plan, you can improve your team’s security and reduce your vulnerabilities by reviewing the Security Scorecard for your Enterprise team.
You can also check out the security checklist for more details on how Netlify can improve your security.
# Secure access to sites
Customize access control for your sites with a password prompt, login credentials, or based on site visitors’ IP address or location.
Block traffic to your site with Firewall traffic rules and set custom rate limits with our rate limiting rules.
Learn more about Secure access to sites.
# Secure Netlify access
Secure how people can access your Netlify team, resources, and sensitive information with these security features:
- SAML SSO login through an identity provider
- SCIM Directory Sync to provision users
- Secrets Controller, which allows you to protect your most sensitive secrets
- Role-based access control
- Enforce 2FA
Learn more about Secure access to Netlify.
# Secure by design and at scale
Netlify’s Frontend Cloud has a reduced attack surface, offering security by design.
Netlify also offers these security features to help you stay secure as you scale:
- Proactive DDoS monitoring
- Content Security Policy
- Log Drains
- Data encrypted at rest with AES-256 or stronger
- Traffic encrypted in transit with TLS 1.2 or greater
- Private Connectivity
# Support against DDoS attacks
Even if a malicious attacker tries to take down your site, our global infrastructure and automated DDoS protection can keep your site available.
Netlify automatically detects distributed denial-of-service (DDoS) attacks and will rate limit and block malicious clients from connecting to sites hosted on our servers.
Our edge network keeps malicious clients from impacting network performance in several ways, including:
- Global load balancing: routes traffic strategically amongst our many servers. Netlify manages these servers to ensure capacity grows as needed.
- Automatic DDoS detection: automatically identifies anomalous clients that pose a risk to your site’s availability.
- Automatic rate limiting & blocking: mitigates attacks by rate limiting and blocking identified clients from connecting to sites deployed on Netlify and hosted on our servers.
# Control traffic to your site
To help you control traffic to your site, you can configure your own traffic rules and block traffic or only allow traffic from specific geographic locations or IP addresses. Learn more about Firewall Traffic Rules. This feature may be helpful for certain DDoS attacks when you have an idea of where the attack is coming from.
You can also monitor site traffic with Log Drains.
# Compliance and Certifications
- SOC 2 Type 2 and ISO 27001 reports available
- PCI DSS
- GDPR and CCPA
For the latest compliance updates and more details, check out our Netlify trust center.
# Add contacts for security incidents
To ensure that Netlify can quickly contact you about potential abuse, fraud, or other security incidents, add at least one email address as an incidents contact. If you have an organization, you can only add a contact in your organization settings.
# Add a contact for a team
As a Team Owner, go to
, then select Edit contacts.
Add at least one email address as a primary contact for security, abuse, or fraud incidents.
# Add a contact for an organization
If your team is a part of an organization, you can only add contacts in your organization settings.
As an Organization Owner, select your organization name in the navigation and then select Organization overview.
Select your Organization’s Settings page, go to Primary contacts, then select Edit contacts.
Add at least one email address as a primary contact for security, abuse, or fraud incidents. This contact info will appear as read-only in team settings.
# More security resources