> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firecrawl.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Threat Protection Policy

> Full-document update. Unspecified fields reset to defaults. Enterprise feature, team admins only.

Full-document update of your organization's [threat protection](/features/threat-protection) policy. Unspecified fields reset to defaults. Team admins only.


## OpenAPI

````yaml api-reference/v2-openapi.json PUT /team/threat-protection
openapi: 3.0.0
info:
  title: Firecrawl API
  version: v2
  description: >-
    API for interacting with Firecrawl services to perform web scraping and
    crawling tasks.
  contact:
    name: Firecrawl Support
    url: https://firecrawl.dev/support
    email: support@firecrawl.dev
servers:
  - url: https://api.firecrawl.dev/v2
security:
  - bearerAuth: []
paths:
  /team/threat-protection:
    put:
      tags:
        - Threat Protection
      summary: Update the team's threat protection policy
      description: >-
        Full-document update. Unspecified fields reset to defaults. Enterprise
        feature, team admins only.
      operationId: updateThreatProtection
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - mode
              properties:
                mode:
                  type: string
                  enum:
                    - 'off'
                    - normal
                  description: >-
                    Threat protection mode. `off` disables checks; `normal`
                    checks domains against Google Web Risk (+2 credits per
                    domain scanned).
                  example: normal
                riskScoreThreshold:
                  type: integer
                  minimum: 0
                  maximum: 100
                  description: >-
                    Normalized score (0-100) at or above which a classifier
                    verdict is blocked. Lower is stricter.
                  example: 75
                blacklist:
                  type: array
                  items:
                    type: string
                  description: >-
                    Exact domains or globs (e.g. `*.example.com`) always
                    blocked, without a classifier call.
                  example:
                    - '*.risky.example'
                whitelist:
                  type: array
                  items:
                    type: string
                  description: >-
                    Exact domains or globs always allowed. Wins over every other
                    rule.
                  example:
                    - '*.trusted.example'
                blockedTlds:
                  type: array
                  items:
                    type: string
                  description: >-
                    Top-level domains to block outright, lowercase without a
                    leading dot.
                  example:
                    - zip
                failurePolicy:
                  type: string
                  enum:
                    - open
                    - closed
                  description: >-
                    Behavior when the classifier is unreachable: `closed` blocks
                    (default), `open` allows.
                  example: closed
                allowRequestOverrides:
                  type: boolean
                  description: >-
                    Whether individual requests may pass a `threatProtection`
                    object. When false, such requests are rejected with 403.
                  example: true
      responses:
        '200':
          description: Effective threat protection policy for the team's organization.
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  data:
                    type: object
                    properties:
                      mode:
                        type: string
                        enum:
                          - 'off'
                          - normal
                        description: >-
                          Threat protection mode. `off` disables checks;
                          `normal` checks domains against Google Web Risk (+2
                          credits per domain scanned).
                        example: normal
                      riskScoreThreshold:
                        type: integer
                        minimum: 0
                        maximum: 100
                        description: >-
                          Normalized score (0-100) at or above which a
                          classifier verdict is blocked. Lower is stricter.
                        example: 75
                      blacklist:
                        type: array
                        items:
                          type: string
                        description: >-
                          Exact domains or globs (e.g. `*.example.com`) always
                          blocked, without a classifier call.
                        example:
                          - '*.risky.example'
                      whitelist:
                        type: array
                        items:
                          type: string
                        description: >-
                          Exact domains or globs always allowed. Wins over every
                          other rule.
                        example:
                          - '*.trusted.example'
                      blockedTlds:
                        type: array
                        items:
                          type: string
                        description: >-
                          Top-level domains to block outright, lowercase without
                          a leading dot.
                        example:
                          - zip
                      failurePolicy:
                        type: string
                        enum:
                          - open
                          - closed
                        description: >-
                          Behavior when the classifier is unreachable: `closed`
                          blocks (default), `open` allows.
                        example: closed
                      allowRequestOverrides:
                        type: boolean
                        description: >-
                          Whether individual requests may pass a
                          `threatProtection` object. When false, such requests
                          are rejected with 403.
                        example: true
                      configured:
                        type: boolean
                        description: >-
                          Whether the organization has saved a policy (vs.
                          serving defaults).
                        example: true
                      updatedAt:
                        type: string
                        format: date-time
                        nullable: true
        '400':
          description: Invalid policy document.
        '403':
          description: >-
            Threat protection is not enabled for this team, or a request
            override was sent while overrides are disabled.
      security:
        - bearerAuth: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````