Security that
scales with you.

Vercel strives to maintain and provide a secure Frontend Cloud experience.

Our Shared Responsibility Model conveys the importance of our partnership with our customers.

Certificate of ISO 27001
ISO 27001
Certificate of SOC 2
SOC 2
Certificate of PCI DSS
PCI DSS
Certificate of HIPAA
HIPAA
Certificate of GDPR
GDPR
Certificate of DPF
DPF

Scalable application security and DDoS mitigation with Vercel Firewall.

The Vercel Firewall delivers multi-layer protection against application-layer attacks, DDoS threats, and bots.

Global protection

Edge-localized protection.

L3/L4 protection at every edge location. Your site stays protected without adding latency.

  • L3/L4 DDoS Protection
  • Global L7 Firewall
  • Bot Management

DDoS mitigation

Automatic DDoS Mitigation for all plans.

Embedded bot management and protection against traffic abuse.

198.51.100.227
t13d1726h2
/wp-admin
continent=europe

Powerful Rules Engine

Custom rule management, for everybody.

Instantly create and enforce the rules unique to your business.

Vercel Security Checkpoint
To ensure a smooth and safe experience, we’re taking a few moments to verify your browser.

Attack Challenge Mode

Protect your site when under attack.

Prevent malicious traffic by showing a verification challenge for visitors.

NewVercel Web Application Firewall. Next-level security, seamlessly integrated.

Read the latest announcement
Learn more

Observability

Maintain visibility into key metrics and production deployments, allowing you to monitor threats and requests in real-time.

Managed Rulesets

Enterprise

Activate Vercel’s managed rulesets to protect against top priority risks, including OWASP Top 10.

Framework-aware rules

Define rules based on your framework's routes rather than fiddling with regular expressions or prefixes.

Firewall API

Programmatically manage WAF rules and integrate with third-party tools for continuous, dynamic security.

Rate Limiting

Control the frequency of requests made to your web applications and APIs.

Instant Rollback

Quickly revert to previous versions of firewall rules to ensure continuous protection without unintended outcomes.

Instant propagation

Uses the same propagation pipeline as our cache infra, so firewall changes can be seen across the globe in 300ms.

Persistent actions

Block matching requests from a suspicious client for a set duration, preventing repeat malicious behavior and preventing unnecessary resource use.

Extend your backend

Create a secure, isolated bridge from Vercel to your on-premise backend or Kubernetes services with Vercel Secure Compute.

Contact Sales

Dedicated environments

Private and dedicated access to build and runtime environments.

VPN and VPC peering

Secure runtime environments, without extra backend complexity.

Define your regions

Multiple availability zone redundancy by default.

Designed for high availability.

Every layer of Vercel’s infrastructure is designed for ultimate redundancy and resiliency, so your app stays online, even during the unexpected.
Automatic failover.

Traffic is routed to the nearest region in the face of incidents or network outages, for resilient protection against full regional downtimes.

The world map in polka dot style, some dots are highlighted in blue.
Multi-layered redundancy.

Static assets are automatically replicated and cached across the Vercel Edge Network, with Anycast routing to ensure the lowest latency.

Workspace Security.

Role-based Access Control

Assign roles to ensure that the right people have the right permissions to work on your projects.

Deployment Protection

Secure your Vercel project’s preview and production URLs. Fine-grained access control for deployments.

Audit Logs

Enterprise

Track and analyze your team members' activity. Accessed by team members with the owner role.

Directory Sync

Enterprise

Manage your organization’s memberships from third-party identity providers.

  • @acme/design

    Avatar for raunoAvatar for gennydeeAvatar for gln
  • @acme/eng

    Avatar for timerAvatar for jaredAvatar for cramforceAvatar for gkaragkiaourisAvatar for tomocchino
  • @acme/security

    Avatar for ty-sbanoAvatar for aaronbrownAvatar for kacee
  • @acme/marketing

    Avatar for greetahAvatar for m0rganeAvatar for lindsaygilson
  • Code Owners.

    Ensure the right people review the right code, with the right context.

  • Current Score

    Excellent

    9.6

  • Major Issues

    Across 6 projects

    3

  • Minor Issues

    Across 12 projects

    8

  • Conformance.

    Catch issues before they become security vulnerabilities.

    Security in the Software Development Lifecycle.

    About our Code Checks

    Frequently asked questions.