Does Netlify support rate limiting?

Netlify does not offer built-in rate limiting for sites or functions. Your API endpoints and serverless functions can receive unlimited requests without any throttling. This leaves your application vulnerable to brute-force attacks, credential stuffing, API abuse, and resource exhaustion. You can implement rate limiting through Netlify Edge Functions using in-memory counters, but these do not persist across function instances. For production rate limiting, you need an external solution like Cloudflare, a Redis-based rate limiter, or a dedicated API gateway. UNPWNED checks whether your endpoints have rate limiting protection and reports unprotected routes.