Akamai Site Shield
Content delivery network (CDN) software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Akamai Site Shield and its alternatives fit your requirements.
Contact the product provider
Free Trial unavailableFree version unavailable
Small
Medium
Large
- Energy and utilities
- Public sector and nonprofit organizations
- Banking and insurance
What is Akamai Site Shield
Akamai Site Shield is a security capability used with Akamai’s edge platform to restrict direct access to an origin infrastructure and route inbound web traffic through Akamai. It is typically used by security and infrastructure teams to reduce origin exposure, limit attack surface, and support DDoS and application-layer protection workflows. The service relies on allowlisting Akamai-controlled egress IP ranges at the origin and enforcing that only traffic coming from Akamai can reach protected origins.
Reduces origin attack surface
Site Shield helps prevent attackers from bypassing edge controls by blocking direct-to-origin traffic. By allowing only Akamai egress IP addresses to reach the origin, it limits exposure of origin IPs and services. This is particularly useful for web applications that otherwise publish origin endpoints or have discoverable infrastructure.
Integrates with edge security stack
The capability is designed to work alongside Akamai’s CDN and security services, so traffic inspection and mitigation can occur before requests reach the origin. This supports layered controls such as DDoS mitigation and web application protections at the edge. Operationally, it centralizes inbound access patterns around the edge rather than the origin network.
Supports network-level enforcement
Implementation commonly uses firewall or security group rules to enforce allowlisting at the origin, which is a straightforward control for many infrastructure teams. It can be applied across multiple origins and environments where inbound access can be restricted by source IP. This approach provides a clear, auditable boundary for inbound web traffic.
Requires strict IP allowlisting
Site Shield depends on maintaining allowlists of Akamai egress IP ranges at the origin, which can add operational overhead. Changes to infrastructure, firewall policies, or IP range updates require coordination to avoid outages. Organizations with complex network segmentation or multiple origin providers may find this more difficult to manage.
Not a standalone CDN
Site Shield is primarily an origin protection mechanism rather than a general-purpose CDN feature set on its own. Teams evaluating CDN products for media optimization, image transformation, or asset management may still need separate capabilities. It is most relevant when the goal is controlling and securing origin access through the edge.
Architecture constraints for some apps
Applications that require direct client-to-origin connectivity (for example, certain APIs, partner integrations, or non-HTTP services) may not fit the enforced routing model. Some environments also need exceptions for health checks, administrative access, or third-party services, which can weaken the “only via edge” posture. These exceptions require careful design to avoid reintroducing origin exposure.
Seller details
Akamai Technologies, Inc.
Cambridge, MA, USA
1998
Public
https://www.akamai.com
https://x.com/Akamai
https://www.linkedin.com/company/akamai-technologies/
