Ask Netlify
Our chatbot assistant can quickly answer your questions.

Site visitor access overview

You can customize how site visitors access your entire site, just parts of your site, or just preview environments of your site, such as Deploy Previews and branch deploys. Optimize site visitor access for gated content, site administration, protected early access to your site for QA, and more.

The features outlined in this overview allow you to require site visitors to enter a password or other credentials to access your site.

In addition, you can also set up Firewall Traffic Rules to block or allow traffic to your site based on an IP address or geographic location. Netlify applies traffic rules to a site deploy before other site visitor access features. This means that blocked site visitors will encounter a 404 error page before they encounter any password or site authentication prompt.

Netlify offers these options for customizing site visitor access:

  • Site protection. Protect your entire site or just preview environments of your site with a password you control or by requiring site visitors to be Netlify team members and log in with their Netlify team credentials. Site protection settings are built-in to the Netlify UI for quick adjustment. One of the password options was previously called site-wide password protection.
  • Netlify Identity service. Allows you to manage and authenticate users on your site or app, without requiring them to be users of Netlify or any other service. Optimized for gated content, site administration, and more.
  • Git Gateway. Connects your site to a Git provider’s API, allowing tools like a CMS to work with content, branches, and pull requests on your users’ behalf. This feature is in BETA.
  • OAuth provider tokens. Add authentication to your site using GitHub, GitLab, or Bitbucket and Netlify’s built-in support for OAuth2 integration.
  • Role-based access control with JWT. Customize granular access to your site, or to specific pages using JSON Web Tokens (JWT), custom roles you define, and redirect rules to grant access to those sections.
  • Basic authentication with custom HTTP headers. Configure basic authentication for your site to protect just one or more sections of your site using Netlify’s custom HTTP header support. Unlike the site protection password options, you can set multiple passwords for your site. Formerly called Selective password protection.

For more help figuring out the best option for your use case, check out the official Support guide Access control options for your Netlify sites.