Resource confidentiality

Once you upload a resource (e.g., a PDF document or an illustration) to the Resources panel or to a Collection field, that resource is also transferred to Amazon Web Servers (AWS) and distributed through our content delivery network (CDN). This results in a distinct filename that also associates the file with your website.

Resources you upload to the Resources panel or Collection field are not limited — they are publicly accessible and searchable, but may not necessarily be found or included in search engine results if the file is not on a publicly visible webpage or linked elsewhere.

In this tutorial, you will discover:

1. Situations where resources could potentially be discovered
2. Methods to prevent discovery of uploaded resources
3. Steps to eliminate files from our CDN

Possible cases where resources are potentially discoverable

There are several cases where resources uploaded to your website could potentially be found or indexed by search engines:

• You have a direct URL link to the uploaded resource
• The unique filename (GUID) can be inferred
• The resource is interconnected or shared somewhere (e.g., a Collection page or static page contains or links to the resource)
• The resource is on a publicly visible webpage for Google or other search engines to scan and index the resource

If you have mistakenly uploaded a confidential file, you can ask for the file to be removed from our CDN.

Note: If a Collection page points to the file, or if the file is linked elsewhere on a static page (or a Collection page) through a CMS Collection list, Google can scan the page and index any links it follows.

Ways to prevent discovery of uploaded resources

You can avoid the discovery of uploaded resources using several methods:

• Use a password protection feature
• Add a nofollow attribute to the file link
• Utilize restricted access for file upload forms

It is essential to understand that these methods will not remove restricted files that have already been indexed by search engines. If a restricted file has already been indexed by search engines, you can request to have the file removed from our CDN.

Password protection

If a page containing the resource or a link to the resource is password protected, the link will not be detectable on the page. This is because the page delivers a password-protected response — and the content will not load or be indexed.

However, if the page that contains the resource or link to the resource is initially unprotected but later becomes password protected, search engines may have already scanned and indexed the content — including any links to files on the page. In this case, the actual file link remains accessible, and search engines would continue to index that file. In essence, the link to the uploaded file is not safeguarded by a password — only the page itself is password protected.

Furthermore, private files on password-protected pages may be indexed if the page’s password protection relies on custom scripts (instead of Webflow’s built-in password protection feature). As search engine crawlers operate with JavaScript disabled, custom scripts will not prevent private files from being scanned or indexed.

Add a nofollow attribute to the file link

To prevent a link (like a link to a PDF file) from being indexed, you can attach a rel=nofollow attribute to links leading to the file you wish to limit access to.

To add the custom nofollow attribute to links:

1. Select the link where you want to apply the custom attribute
2. Access Element settings panel > Custom attributes
3. Click the “plus” icon
4. Insert “rel” in the Name field and “nofollow” in the Value field
5. Exit the modal to save the attribute

Note: The nofollow attribute serves as a suggestion to search engines not to follow links marked with the attribute to restricted files. However, search engines may still index the file if they crawl it via another link. Additionally, the nofollow attribute does not eradicate restricted files that have already been indexed by search engines.

Utilize restricted access for file upload forms

Resources uploaded through form file uploads when Restrict file upload access is switched “off” are not limited. To control files uploaded via form file upload, navigate to Site settings > Forms > Restrict uploaded file access and toggle Restrict file upload access “on.”

Files uploaded via restricted form file upload access are inaccessible for search engines to index or for others to view unless they are logged in to a Webflow account with access to those form submissions. Find out more about limiting access to form file uploads.

Note: Files uploaded via restricted form file upload access cannot be utilized on CMS Collection pages or static pages. This is due to their restricted links, requiring logged-in access.

Steps to eliminate files from our CDN

If you have unintentionally uploaded a confidential file, you can request to have the file removed from our CDN, redirecting the link to the file to a 404 error page and search engines will ultimately remove the files from search results.

If the file was uploaded to the Resources panel, follow these steps to delete it from our CDN:

1. Create a list of links to all resources you wish to erase
2. Eradicate all instances of the resource(s) from your site
3. Delete the resource(s) in the Resources panel (note that removing the resource(s) from the Resources panel will not erase all instances of the resource(s) from your site)
4. Reach out to customer support with your list of file links

Explore further details on deleting resources from the Resources panel.

If the file was uploaded to a Collection field, follow these steps to have it removed from our CDN:

1. Create a list of links to all files you want to remove
2. Eliminate or substitute the file(s) in the Collection field(s) so they are no longer associated with your Collection items
3. Connect with customer support with your list of file links