Skip to content

Advanced Deployment Protection Features

Learn about Advanced Deployment Protection, which includes Password Protection, Protection Bypass for Automation, and Private Production Deployments.

While all teams can use the basic deployment protection features, Vercel also offers advanced deployment protection that includes Password Protection, Protection Bypass for Automation, and Private Production Deployments.

Advanced Deployment Protection allows you to provide fine-grained control over who can access your deployments, with password protection and the ability to make your production deployment private. In addition, Protection Bypass for Automation makes it possible for your automation to bypass the authentication during end-to-end testing of your project.

The following limits apply to Hobby, Pro, and Enterprise accounts with Deployment Protection feature enabled:

Features
Hobby
Pro
Advanced Deployment Protection (add-on $150 per month)
Enterprise
Ability to make preview URLs private
One link per account
Unlimited
Unlimited
Unlimited
Audit Logs

All Advanced Deployment Protection features are included as part of the Enterprise plan.

Teams on the Pro team plans can opt-in to Advanced Deployment Protection features for $150 per month. To enable this, select the project that you'd start adding the features to. In the Settings tab, go to Deployment Protection and under the any of the Advanced Deployment Protection features, select Enable and Pay.

Once Advanced Deployment Protection has been enabled for your selected project, all features will be available to use for all Projects within your team.

Selecting the Enable and Pay button to add Advanced Deployment Protection features.

Password Protection is available on all plans

Those with Admin, Member roles on a team have access

With Password Protection enabled, visitors to your preview deployment must enter the pre-defined password to gain access. You can set the desired password from your project settings when enabling the feature.

Enabling Password Protection.

To password-protect your deploy URLs, turn on the toggle and enter a password of your choice.

Turning on the toggle and specifying the user password.

Click Save, and all your existing and future Preview Deployments are protected via a password for that project.

Next time when you access the deployment, you will be asked to log in by entering the password, which takes you to the deployment. A cookie will then be set in your browser, giving access to all Preview Deployments of the project.

  • If you change the password, users who have previously entered the password with a set cookie will need to enter a new password
  • If you disable password protection, all existing deployments of the project will become unprotected
  • If you disable the protection and then enable it without changing the password, users with a set cookie will continue to access the deployments without re-entering the password
  • You can use Password Protection in conjunction with Vercel Authentication.
  • The JWT token set as a cookie is valid for one URL and cannot be reused for different URLs, even if these URLs point to the same deployment

You can also read more about how to bypass the protection for automated tools.

Protection Bypass for Automation is available in Beta on all plans

Those with Admin, Member, Developer roles on a team have access

The Protection Bypass for Automation feature allows you to bypass Vercel Deployment Protection (Password Protection and Vercel Authentication) for automated tooling (e.g. E2E testing).

The generated secret can be used to bypass Deployment Protection on all deployments in a project until it is revoked.

Protection Bypass for Automation option with advanced deployment protection feature.

To use Protection Bypass for Automation, set an HTTP header named x-vercel-protection-bypass with the value of the generated secret for the project.

Using a header is strongly recommended, however in cases where your automation tool is unable to specify a header, it is also possible to set the same name and value as a query parameter.

x-vercel-protection-bypass: your-generated-secret

To bypass authorization on follow-up requests (e.g. for in-browser testing) you can set an additional header or query parameter named x-vercel-set-bypass-cookie with the value true. This will set the authorization bypass as a cookie on your domain via a redirect.

x-vercel-set-bypass-cookie: true (optional)

Private Production Deployments are available on all plans

Those with Admin, Member roles on a team have access

To protect Production Deployments in addition to Preview Deployments, enable the "Also protect my Production Deployment" from the project settings and click Save. This will make all your production deployments private. You can enable production protection using Password Protection and Vercel Authentication.

To opt out of this feature, go to your Team SettingsBilling page. Click Edit and follow the instructions.