Project Configuration
Project Security
Restrict who can reach a deployment — gate it behind a password and allow only trusted IPs through without a prompt.
In the dashboardProject → Settings → Security
Deployment password protection
Require a password before any content is served. Visitors see a prompt presented by the edge proxy; only those with the password get through. This is ideal for staging sites, client previews, or work-in-progress you don't want public or indexed by search engines.
Protection is enforced before your app runs, so even direct asset URLs are gated — not just the home page.
Trusted IPs
Allowlist specific IPs or ranges so your office or VPN can reach a protected deployment without the password prompt. Combine this with firewall rules and rate limiting for layered protection.