The ability disable default domains
![](https://secure.gravatar.com/avatar/23e33ad96f3ad515bb9fc43ad0928412?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)
-
Good guy commented
Quote: "Hi Support,
I understand, but giving a site a lengthy and random name is not resolving the case, same as robots.txt, which is for search engine robots only.
Because the loophole here is in the DNS lookup system, one can easily see the TXT records that contains the project name and therefore find the unprotected default domain name, especially when I am using the custom domain to connect to the firebase functions server. It generates extra costs If attacked and even data leakage when scanned by some tools If not protected by a firewall. How do I resolve this?
All in all, I do not want my proejct ID to be public and so as the default domains, because it cannot be protected by firewalls like Cloudflare and subject to DDOS attacks etc. Thanks." -
Anthony Boyd commented
Or at a minimum, add the ability to make them 301 (Permanently Moved) to the custom domain.