Data Loss Prevention
Cloudflare Data Loss Prevention (DLP) allows you to scan your web traffic and SaaS applications for the presence of sensitive data such as social security numbers and credit card numbers.
Data-in-transit
Data Loss Prevention complements Secure Web Gateway to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include uploaded or downloaded files, chat messages, forms, and other web content. Visibility varies depending on the site or application. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a Do Not Inspect rule).
To get started, refer to Scan HTTP traffic with DLP.
Data-at-rest
Data Loss Prevention complements Cloudflare CASB to detect sensitive data stored in your SaaS applications. Unlike data-in-transit scans which read files sent through Cloudflare Gateway, CASB retrieves files directly via API. Therefore, Gateway and WARP settings (such as Do Not Inspect and Split Tunnel rules) will not affect data-at-rest scans.
To get started, refer to our CASB documentation.
Supported file types
Formats
- Text and CSV
- Microsoft Office 2007 and later (
.docx
,.xlsx,
.pptx
) - ZIP files containing the above
Size
The maximum file size is 100 MB. Size limitation is assessed against the file after unzipping. ZIP files can be recursively compressed a maximum of 10 times.
Feature availability
Data Loss Prevention is only available on Enterprise plans.