Comment by tjosepo

1 year ago

Every Netlify project is assigned a Netlify subdomain (i.e. `example.netlify.app`) that cannot be removed or proxied.

If anyone figures out what your Netlify subdomain is, it's my understanding that they can DDoS you and there's nothing you can do about it.

That makes sense, but is the Netlify subdomain visible from your custom domain? How would they be able to figure it out, other than humans leaking it somehow?

  • It should not be visible, but security-by-obscurity is not something that makes me sleep well at night.

    It's a design limitation of Netlify that might cost you $100,000 some day.