Data Loss Prevention
Cloudflare Data Loss Prevention (DLP) allows you to scan your web traffic and SaaS applications for the presence of sensitive data such as social security numbers, financial information, secret keys, and source code.
Data Loss Prevention complements Secure Web Gateway to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include uploaded or downloaded files, chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a Do Not Inspect policy. The depth of visibility into data in transit varies for each site or application.
To get started, refer to Scan HTTP traffic with DLP.
Data Loss Prevention complements Cloudflare CASB to detect sensitive data stored in your SaaS applications. Unlike data in transit scans which read files sent through Cloudflare Gateway, CASB retrieves files directly via the API. Therefore, Gateway and WARP settings (such as Do Not Inspect policies and Split Tunnel configurations) will not affect data at rest scans.
To get started, refer to Scan SaaS applications with DLP.
DLP supports scanning the following file types:
- Text and CSV
- Microsoft Office 2007 and later (
.docx
,.xlsx,
.pptx
), including Microsoft 365 - ZIP files containing the above
The maximum file size is 100 MB. Size limitation is assessed against the file after unzipping. ZIP files can be recursively compressed a maximum of 10 times.