SafeBase has three public-facing endpoints:

SafeBase utilizes Cloudflare for its WAF services. These services include several custom and Cloudflare-managed firewall rules that protect bot and malicious traffic, unauthorized scanning, and distributed denial of service (DDoS) attacks.

As mentioned above, we offer our customers a service that allows them to create customized URLs for our public-facing trust centers. These custom hostnames follow a subdomain naming convention of prefix.company.domain e.g. trust.safebase.io.
​

Essentially, this is a vanity URL. We provide our customers with DNS records that they will, in turn, add to their infrastructure/DNS provider. While our customers technically own the URL/Domain, it will point to SafeBase's backend/origin.

Custom URLs are provided using a Cloudflare Custom Hostname via our Cloudflare for SaaS service. This allows SafeBase as the SaaS provider, to extend the benefits of our Cloudflare products via custom domains by adding them to our zone as custom hostnames.
​
​Regarding Cloudflare's Port Security Policy: Please view this help article; Cloudflare has default ports used for communication; having open ports is not necessarily a security concern, as our Web Application Firewall (WAF) prevents traffic on unused ports.

We do allow external network scanning of our endpoints. That said, customers who would like to perform any scanning should reach out to the SafeBase team via support@safebase.io.