Cloudflare Pages: gating a site to named emails

The detail behind the one-line "fence a draft to named emails — free" on the Cloudflare Pages page. Cloudflare is the only host in this wiki that gates a link to specific people without a paid plan — but there's a catch worth understanding before you rely on it.

Last verified: 2026-06-07 · checked against developers.cloudflare.com · Confidence: high on the gating mechanics; the Zero Trust seat count and per-seat price are unofficial (not machine-readable on Cloudflare's plans page).

The free toggle covers preview links only

In the project's settings, Settings → General → Enable access policy makes the random preview deployment links (e.g. 373f31e2.your-site.pages.dev) demand a login — only the emails you list get in. [confirmed]

The catch, in Cloudflare's own words: the toggle "will only protect your preview deployments... and not your *.pages.dev domain or custom domain." [confirmed] So the main public address stays open.

Locking the main address takes one more step

To gate the main *.pages.dev or custom domain, you (or your agent) build a Zero Trust Access application for that hostname by hand — more steps, still free under the reported seat tier. [confirmed] on the extra steps; [unclear] on the seat count.

What the gating costs

Free tier. Built on Cloudflare's Zero Trust free plan, widely reported to cover up to 50 users at no cost. [unclear] (Cloudflare's plans page doesn't expose the figure to fetch — unofficial: costbench, seen 2026-06-07)
Past the free tier. Paid Zero Trust is widely reported at $7/user/month, billed for all users at once. [unclear] (unofficial: costbench summary, seen 2026-06-07)
Re-check before relying on a number — seats and price change: cloudflare.com/plans.

What the recipient does

They sign in with the email you allowed — Cloudflare sends a one-time code, or uses their Google/GitHub login. ~1 min the first time. [estimate] Their email must be one you listed, or they're blocked; there's no "request access" for them to click. To cut someone off, remove their email and the next load is blocked — but a copy they already saved stays theirs. [estimate]

Sources

Preview deployments — access policy — "Enable access policy"; protects previews only, not *.pages.dev or custom domain
Known issues — protecting the main domain — extra Zero Trust Access application needed for *.pages.dev / custom domain
Zero Trust plans — official plans page; seat/price figures aren't machine-readable there, carried as [unclear] from unofficial summaries (costbench, seen 2026-06-07)