> ## Documentation Index > Fetch the complete documentation index at: https://docs.sevalla.com/llms.txt > Use this file to discover all available pages before exploring further. # DDoS protection > Learn how Sevalla protects every application and site with always-on Cloudflare DDoS protection. Every application and static site hosted on Sevalla is served through Cloudflare's global network and benefits from always-on DDoS protection by default. This protection is not a per-site setting we turn on or off. It applies automatically to all traffic, runs continuously across Cloudflare's network at no additional cost, and requires no action from you. ## Coverage Sevalla's Cloudflare integration mitigates distributed denial-of-service (DDoS) attacks at both the network and application layers. * **Network layer (L3/L4):** Cloudflare's Network-layer DDoS Attack Protection managed ruleset is always enabled and mitigates attacks such as SYN floods, UDP floods, and reflection attacks. * **Application layer (L7):** Cloudflare's HTTP DDoS Attack Protection managed ruleset is always enabled and mitigates HTTP-based attacks automatically, typically within a few seconds. * **Always-on:** The protection runs continuously across Cloudflare's network at no extra cost and requires no configuration. DDoS protection is independent of the [CDN](/applications/cdn) caching setting. Even when CDN caching is disabled for an application, all traffic still routes through Cloudflare and remains protected. ## Security reviews If you or a client need to confirm DDoS coverage as part of a security review, you can cite the following: * [Sevalla DDoS protection](https://docs.sevalla.com/service-information/ddos-protection) (this page) * [Cloudflare DDoS protection overview](https://developers.cloudflare.com/ddos-protection/about/), which confirms always-on, unmetered protection at L3, L4, and L7 for all onboarded properties.