Security /

Security overview

Netlify can meet the complex security and compliance needs of Enterprises and cross-functional teams with customizable access to production and preview sites, SAML SSO login, SCIM provisioning, role-based access control, Firewall traffic rules, and more.

# Check your security posture

If you have an Enterprise plan, you can improve your team’s security and reduce your vulnerabilities by reviewing the Security Scorecard for your Enterprise team.

You can also check out the security checklist for more details on how Netlify can improve your security.

# Secure access to sites

Customize access control for your sites with a password prompt, login credentials, or based on site visitors’ IP address or location.

Block traffic to your site with Firewall traffic rules and set custom rate limits with our rate limit rules.

Learn more about Secure access to sites.

# Secure Netlify access

Secure how people can access your Netlify team, resources, and sensitive information with these security features:

Learn more about Secure access to Netlify

# Secure by design and at scale

Netlify’s Frontend Cloud has a reduced attack surface, offering security by design.

Netlify also offers these security features to help you stay secure as you scale:

# Support against DDoS attacks

Even if a malicious attacker tries to take down your site, our global infrastructure and automated DDoS protection can keep your site available.

Netlify automatically detects distributed denial-of-service (DDoS) attacks and will rate limit and block malicious clients from connecting to sites hosted on our servers.

Our edge network mitigates malicious clients from impacting network performance in several ways, including:

  • Global load balancing: routes traffic strategically amongst our many servers. Netlify manages these servers to ensure capacity grows as needed.
  • Automatic DDoS detection: automatically identifies anomalous clients that pose a risk to your site’s availability.
  • Automatic rate limiting & blocking: mitigates attacks by rate limiting and blocking identified clients from connecting to sites deployed on Netlify and hosted on our servers.

Control traffic to your site

To help you control traffic to your site, you can configure your own traffic rules and block traffic or only allow traffic from specific geographic locations or IP addresses. Learn more about Firewall Traffic Rules. This feature may be helpful for certain DDoS attacks when you have an idea of where the attack is coming from.

You can also monitor site traffic with Log Drains.

# Compliance and Certifications

  • SOC 2 Type 2 and ISO 27001 reports available
  • GDPR and CCPA

For the latest compliance updates and more details, check out our Netlify trust center.

# Add contacts for security incidents

To ensure that Netlify can quickly contact you about potential abuse, fraud, or other security incidents, add at least one email address as an incidents contact. If you have an organization, you can only add a contact in your organization settings.

# Add a contact for a team

  1. As a Team Owner, go to

    , then select Edit contacts.

  2. Add at least one email address as a primary contact for security, abuse, or fraud incidents.

# Add a contact for an organization

If your team is a part of an organization, you can only add contacts in your organization settings.

  1. As an Organization Owner, navigate to your Organization overview page. At the top of Netlify, use the organization menu to select your organization, then select Organization overview.

  2. Select your Organization’s Settings page, go to Primary contacts, then select Edit contacts.

  3. Add at least one email address as a primary contact for security, abuse, or fraud incidents. This contact info will appear as read-only in team settings.

# More security resources