Security that
scales with you.

Vercel strives to maintain and provide a secure Frontend Cloud experience.

Our Shared Responsibility Model conveys the importance of our partnership with our customers.

Get a Demo

ISO 27001

SOC 2

PCI DSS

HIPAA

GDPR

DPF

Scalable application security and DDoS mitigation with Vercel Firewall.

The Vercel Firewall delivers multi-layer protection against application-layer attacks, DDoS threats, and bots.

Learn More

Add Firewall Rules Now

Global protection

Edge-localized protection.

L3/L4 protection at every edge location. Your site stays protected without adding latency.

L3/L4 DDoS Protection
Global L7 Firewall
Bot Management

DDoS mitigation

Automatic DDoS Mitigation for all plans.

Embedded bot management and protection against traffic abuse.

198.51.100.227

t13d1726h2

/wp-admin

continent=europe

Powerful Rules Engine

Custom rule management, for everybody.

Instantly create and enforce the rules unique to your business.

Vercel Security Checkpoint

To ensure a smooth and safe experience, we’re taking a few moments to verify your browser.

Attack Challenge Mode

Protect your site when under attack.

Prevent malicious traffic by showing a verification challenge for visitors.

NewVercel Web Application Firewall. Next-level security, seamlessly integrated.

Read the latest announcement

Learn more

Observability

Maintain visibility into key metrics and production deployments, allowing you to monitor threats and requests in real-time.

Managed Rulesets

Enterprise

Activate Vercel’s managed rulesets to protect against top priority risks, including OWASP Top 10.

Framework-aware rules

Define rules based on your framework's routes rather than fiddling with regular expressions or prefixes.

Firewall API

Programmatically manage WAF rules and integrate with third-party tools for continuous, dynamic security.

Rate Limiting

Control the frequency of requests made to your web applications and APIs.

Instant Rollback

Quickly revert to previous versions of firewall rules to ensure continuous protection without unintended outcomes.

Instant propagation

Uses the same propagation pipeline as our cache infra, so firewall changes can be seen across the globe in 300ms.

Persistent actions

Block matching requests from a suspicious client for a set duration, preventing repeat malicious behavior and preventing unnecessary resource use.

Trusted by the most security conscious teams.

Extend your backend

Create a secure, isolated bridge from Vercel to your on-premise backend or Kubernetes services with Vercel Secure Compute.

Contact Sales

Dedicated environments

Private and dedicated access to build and runtime environments.

VPN and VPC peering

Secure runtime environments, without extra backend complexity.

Define your regions

Multiple availability zone redundancy by default.

Designed for high availability.

Every layer of Vercel’s infrastructure is designed for ultimate redundancy and resiliency, so your app stays online, even during the unexpected.

Automatic failover.

Traffic is routed to the nearest region in the face of incidents or network outages, for resilient protection against full regional downtimes.

The world map in polka dot style, some dots are highlighted in blue.

Multi-layered redundancy.

Static assets are automatically replicated and cached across the Vercel Edge Network, with Anycast routing to ensure the lowest latency.

Effortless high availability for dynamic frontends

Vercel's multi-layered approach to frontend resiliency.

Malte Ubl

CTO at Vercel

Workspace Security.

Role-based Access Control

Assign roles to ensure that the right people have the right permissions to work on your projects.

Deployment Protection

Secure your Vercel project’s preview and production URLs. Fine-grained access control for deployments.

Audit Logs

Enterprise

Track and analyze your team members' activity. Accessed by team members with the owner role.

Directory Sync

Enterprise

Manage your organization’s memberships from third-party identity providers.

@acme/design

@acme/eng

@acme/security

@acme/marketing

Code Owners.

Ensure the right people review the right code, with the right context.

Current Score

Excellent

9.6

Major Issues

Across 6 projects

Minor Issues

Across 12 projects

Conformance.

Catch issues before they become security vulnerabilities.

Security in the Software Development Lifecycle.

About our Code Checks

Frequently asked questions.

Does Vercel offer DDoS protection?

Is Vercel SOC 2 Type 2 compliant?

Is Vercel GDPR compliant?

Is Vercel ISO 27001 certified?

Is Vercel certified under the Data Privacy Framework (DPF)?

Does Vercel support HIPAA compliance?

Does Vercel support PCI compliance?

Can I protect my deployments?

Does Vercel encrypt data?

Does Vercel backup the data on its platform?

What infrastructure does Vercel use?

Does Vercel provide infrastructure segregation?

Does Vercel conduct regular penetration testing and vulnerability scans?

Does Vercel use subprocessors?

Does Vercel have a bug bounty program?

Does Vercel offer a Web Application Firewall?

Does Vercel protect against OWASP Top 10?

What is Vercel Access Security?

What is Vercel Infrastructure Security?

What is Vercel Application Security?

Ready to deploy? Start building with a free account. Speak to an expert for your Pro or Enterprise needs.

Start Deploying

Contact Sales

Trial Vercel with higher execution, increased app bandwidth, Speed Insights, team features, and more.

Request a Trial

DX Platform

Managed Infrastructure

Open Source

Use Cases

Users

Tools

Company

Security that
scales with you.

Scalable application security and DDoS mitigation with Vercel Firewall.

Global protection

DDoS mitigation

Powerful Rules Engine

Attack Challenge Mode

Extend your backend

Dedicated environments

VPN and VPC peering