$ operate

Access protection

Keep a page private without standing up auth. Protect it with a password or an email gate, enforced at the edge.

Password protection

Require a password before a page renders. You can set multiple labeled passwords for the same page — each visitor unlocks with one, and the label they used is recorded, so you can tell who got in (e.g. give “investors” and “press” different passwords).

  1. Open a page and enable password protection.
  2. Add one or more passwords, each with a label.
  3. Share the relevant password with each audience.

Email gate

Instead of (or alongside) a password, require visitors to enter an email address before viewing. The captured emails become part of your access log.

How it’s enforced

  • The gate is enforced at the serving edge — an unlocked page sets a signed, httpOnly, host-scoped cookie so the visitor isn’t re-prompted on every navigation.
  • Passwords are stored hashed and are never returned to the browser.
  • Visitors see a branded unlock screen; the page HTML is only served after a successful unlock.

Access log

Each unlock is recorded. A page’s access view shows who unlocked it, when, and which labeled password (or email) was used.

Access protection controls who can view a page. It’s a gate, not full user accounts — anyone with a valid password or who enters an email can view.
PreviousAnalyticsNext Billing & plans