Threat Protection is an enterprise feature and is gated per organization. Contact your Firecrawl account team to have it enabled for your account.
Modes
Threat Protection has two modes, set at the organization level:- Off (default) — no domain checks are performed.
- Normal — domains are checked against Google Web Risk, which flags domains associated with malware, social engineering (phishing), and unwanted software. +2 credits per domain scanned.
Policy controls
Beyond the classifier, a policy can include:- Custom blacklist — exact domains or globs (e.g.
*.example.com) that are always blocked, without a classifier call. - Custom whitelist — exact domains or globs that are always allowed. The whitelist wins over every other rule, so a domain you trust is never blocked.
- Blocked TLDs — top-level domains to block outright (e.g.
zip), matched on label boundaries. - Risk score threshold — the normalized score (0–100) at or above which a classifier verdict is treated as a block. Lower is stricter. The default is
75. - Failure policy — what to do when the classifier can’t be reached: block (
closed, the default and recommended for a security control) or allow (open).
Configuring the policy
Team admins configure Threat Protection from the organization settings in the dashboard:- Open Settings → Threat Protection.
- Choose a mode, set your risk score threshold, and add any blacklist, whitelist, or blocked-TLD entries.
- Choose whether to allow per-request overrides, and set the failure policy.
- Save. Changes take effect immediately — the next request is evaluated against the new policy.
Per-request overrides
Every endpoint that accepts URLs also accepts an optionalthreatProtection object, so an individual request can tighten (or, if your organization allows it, adjust) the policy for that call:
threatProtection object is rejected with a 403 — this lets an administrator guarantee that the organization policy is the floor for every request.
When a domain is blocked
A blocked request fails with a403 and a stable error code:
- Scrape, batch scrape, extract, agent — a blocked target returns the
unsafe_domain_blockederror for that URL. - Crawl — a blocked seed URL fails the request; blocked links discovered mid-crawl are skipped and the crawl continues.
- Search, map — blocked domains are removed from the returned results rather than surfaced and refused.
Billing
A domain scan costs +2 credits per domain scanned in Normal mode, on top of the base cost of the request. A few details:- Decisions made entirely from your own policy (blacklist, whitelist, or blocked-TLD matches) do not call the classifier and are not charged a scan fee.
- A request that is blocked is still charged for the scan that produced the verdict.
- Crawls, searches, and maps scan each unique domain they encounter, so the scan fees scale with the number of distinct domains, not the number of pages.
Error reference
| Status | When |
|---|---|
403 | A request targets a domain blocked by the policy (code: unsafe_domain_blocked). |
403 | A request includes a threatProtection override while overrides are disabled for the organization. |
403 | Threat Protection options are used on a team without the feature enabled. |
Notes
- The policy is organization-wide: it applies to every API key and every endpoint automatically.
- The whitelist always wins, so an explicitly trusted domain is never blocked by the classifier or a TLD rule.
- With the failure policy set to
closed(the default), a classifier outage causes affected requests to be blocked rather than silently allowed.

