Access Control

This article describes how much access external users have to your sites built on Gatsby Cloud.

This guidance only applies to CMS Previews, Production Builds and Pull Request Builds URLs hosted on the gtsb.io domain.

Public Access

By default, all  builds are publicly accessible to anyone who has the URL. We set an x-robots-tag: none header to prevent search engines from crawling your site.

Enabling Access Control

To enable access control, go to Site Settings > General > Access Control, then click the Edit button.

There are three options for controlling access to your site:

• Public (default): Any can view your site's Preview and Builds
• Password protected: a password (set by you) is required to view any Preview or Build
• Login required: Use this setting if you want to require a user to have a Gatsby Cloud account in order to view Previews and Builds. They will only have access if they are added as an Editor or Viewer via Member Management.

Gatsby Hosting Considerations

Gatsby Hosting (e.g. your site on the gatsbyjs.io domain and your custom domain) is not protected by access control settings. If you have Gatsby Hosting enabled, your site will always be indexable by search engines and publicly accessible to anyone that has the URL. If you want to limit access completely, you must disable Gatsby Hosting until you are ready to go public with your site.