[{"data":1,"prerenderedAt":172},["ShallowReactive",2],{"blog-launch/netlify-deployment":3},{"id":4,"title":5,"body":6,"category":152,"date":153,"dateModified":153,"description":154,"draft":155,"extension":156,"faq":157,"featured":155,"headerVariant":158,"image":157,"keywords":157,"meta":159,"navigation":160,"ogDescription":161,"ogTitle":162,"path":163,"readTime":157,"schemaOrg":164,"schemaType":165,"seo":166,"sitemap":167,"stem":168,"tags":169,"twitterCard":170,"__hash__":171},"blog/blog/launch/netlify-deployment.md","Netlify Deployment Launch Security Checklist: 14 Items Before Going Live",{"type":7,"value":8,"toc":146},"minimark",[9,19,22,43,62,78,93,109,114,117,120],[10,11,12,16],"tldr",{},[13,14,15],"p",{},"TL;DR",[13,17,18],{},"Netlify provides secure infrastructure with automatic HTTPS. Your job is to configure environment variables, add security headers via _headers file or netlify.toml, review team access, and verify your app works correctly on the production domain.",[20,21],"print-button",{},[23,24,27,32,36,39],"checklist-section",{"count":25,"title":26},"4","Environment Variables",[28,29],"checklist-item",{"description":30,"label":31},"Go to Site Settings > Build & Deploy > Environment Variables","Set production environment variables",[28,33],{"description":34,"label":35},"Set different values for production vs deploy previews","Use context-specific values",[13,37,38],{},"::checklist-item{label=\"Mark sensitive vars appropriately\" description=\"Use \"Sensitive variable\" setting to hide values in logs\"}\n::",[28,40],{"description":41,"label":42},"Review deploy logs for accidentally printed secrets","Check build logs for exposed secrets",[23,44,46,50,54,58],{"count":25,"title":45},"Security Headers",[28,47],{"description":48,"label":49},"Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy","Create _headers file or use netlify.toml",[28,51],{"description":52,"label":53},"Start restrictive and allow only what your app needs","Configure Content Security Policy",[28,55],{"description":56,"label":57},"In Site Settings > Domain Management, force HTTPS","Enable HTTPS redirect",[28,59],{"description":60,"label":61},"Check your configuration is working correctly","Verify headers at securityheaders.com",[23,63,66,70,74],{"count":64,"title":65},"3","Access and Functions",[28,67],{"description":68,"label":69},"Remove people who no longer need access","Review team member access",[28,71],{"description":72,"label":73},"Prevent public access to preview deployments","Password protect deploy previews (if needed)",[28,75],{"description":76,"label":77},"Add auth checks to any serverless functions","Secure Netlify Functions",[23,79,81,85,89],{"count":64,"title":80},"Production Verification",[28,82],{"description":83,"label":84},"Verify everything works on your actual URL","Test on production domain",[28,86],{"description":87,"label":88},"Login, protected routes, and sessions function correctly","Verify authentication works",[28,90],{"description":91,"label":92},"Catch issues you may have missed","Run automated security scan",[94,95,96,103],"faq-section",{},[97,98,100],"faq-item",{"question":99},"How do I add security headers on Netlify?",[13,101,102],{},"Create a _headers file in your publish directory or add headers in netlify.toml. Example: /* X-Frame-Options: DENY. Both methods work for static sites and Netlify Functions.",[97,104,106],{"question":105},"Are Netlify Functions secure?",[13,107,108],{},"Netlify Functions run in secure AWS Lambda environments, but you need to add your own authentication checks. They're not protected by default, so verify the request before processing sensitive operations.",[110,111,113],"h3",{"id":112},"scan-your-netlify-site","Scan Your Netlify Site",[13,115,116],{},"Find security issues before launch.",[13,118,119],{},"Start Free Scan",[121,122,123,129,134,139,144],"related-articles",{},[124,125],"related-card",{"description":126,"href":127,"title":128},"Security checklist for beta launches. 14 essential items to verify before inviting your first beta users, including data","/blog/launch/beta-launch","Beta Launch Security Checklist: 14 Items Before Inviting Beta Users",[124,130],{"description":131,"href":132,"title":133},"Pre-launch security checklist for Bolt.new apps. 16 critical items to check before deploying your Bolt-generated applica","/blog/launch/bolt-app","Bolt.new App Launch Security Checklist: 16 Items Before Going Live",[124,135],{"description":136,"href":137,"title":138},"Pre-launch security checklist for Cursor-built apps. 18 essential items to verify before deploying your AI-generated app","/blog/launch/cursor-app","Cursor App Launch Security Checklist: 18 Items Before Going Live",[124,140],{"description":141,"href":142,"title":143},"Security checklist for public API launches. 16 essential items to verify before opening your API to external developers,","/blog/launch/api-public-launch","API Public Launch Security Checklist: 16 Items Before Opening Your API",[124,145],{"description":126,"href":127,"title":128},{"title":147,"searchDepth":148,"depth":148,"links":149},"",2,[150],{"id":112,"depth":151,"text":113},3,"launch","2026-02-10","Pre-launch security checklist for Netlify deployments. 14 essential items covering environment variables, headers, and production configuration.",false,"md",null,"orange",{},true,"Pre-launch security checklist for Netlify. 14 essential items before deploying.","Netlify Deployment Launch Security Checklist","/blog/launch/netlify-deployment","[object Object]","Article",{"title":5,"description":154},{"loc":163},"blog/launch/netlify-deployment",[],"summary_large_image","X-H9Lz2WWtxCkUvCQw-rsANp5sqw9xcY5hdJOVW_gxI",1775843935934]