• Hosting and Delivery

  • Governance

  • Content

  • Schema

  • Templating

  • Workflows

  • Search Engine Optimization (SEO)

  • Security

  • Rendering


Security Features in Zesty.io

Zesty.io is designed with a strong focus on security, providing a variety of features that ensure your content and data are protected. This article will cover the key security features of Zesty.io, including User Permissions, User Granular and Custom Roles, Web Application Firewall, Marketing Preview Password, Headless Header Passwords, Security Response Headers, Authentication options like SSO, Basic Auth, and Dev Tokens, as well as Telemetry and Audit Logs.

User Permissions

User permissions in Zesty.io allow you to control access to your site's content and settings. You can assign different permission levels to different users, ensuring that each user only has access to the parts of the site that are relevant to their role.

User Granular and Custom Roles

In addition to the standard roles, Zesty.io enables you to define custom roles with granular permissions. This means you can create roles that exactly fit your team's needs and workflows, providing precise control over who can do what in the CMS.

Web Application Firewall

Zesty.io features a built-in Web Application Firewall (WAF) that helps protect your site from common web threats. The WAF filters, monitors, and blocks unwanted HTTP traffic to and from your web application, safeguarding your data from potential attacks.

Marketing Preview Password

The Marketing Preview Password feature allows you to secure your preview environments with a password. This ensures that your content can only be previewed by authorized users, preventing unauthorized access.

Headless Header Passwords

Zesty.io offers the ability to secure your headless endpoints with header passwords. This provides an extra layer of security, ensuring that only authorized users and applications can access your data.

Security Response Headers

Zesty.io supports the use of security response headers, which provide a way to enhance the security of your site by instructing the browser how to behave when handling your site's content. This can help to prevent attacks like cross-site scripting (XSS) and clickjacking.

Auth options: SSO, Basic Auth, and Dev Tokens

Zesty.io provides several authentication options, including Single Sign-On (SSO), Basic Authentication, and Developer Tokens. SSO allows users to log in once and gain access to multiple systems without being prompted to log in again. Basic Auth provides a simple challenge-and-response mechanism, and Developer Tokens allow secure API access.

Telemetry and Audit Logs

Telemetry and Audit Logs allow you to keep track of actions taken in your Zesty.io account. Audit logs provide a record of who did what and when, which is essential for troubleshooting, security investigations, and complying with regulatory requirements.

The security features of Zesty.io give you confidence in the integrity and safety of your data, allowing you to focus on creating excellent content. With its built-in protections and robust authentication options, Zesty.io is a secure choice for your content management needs.

Get Demo

Want to see how Zesty can help you and your teams? Fill out the form to be contacted by our content management experts. Please look forward to us scheduling a 15 minute call so that we may customize your demo.

Trusted By


Contact us for a Custom Demo

First Name

Last Name




Please tell us about your project