Skip to content

A comprehensive list of questions to run through before launching your application on Vercel, prepared by the Vercel Engineering team. It is strongly recommended that you complete as many items below as possible from the list below.

  • Have you set up a Content Security Policy (CSP)?
  • Have you addressed all security alerts made available to you by your Git provider?
  • Have you protected your Preview Deployments with Password Protection or SSO Protection (Enterprise plans only)?
  • Have you implemented the Preview Deployment Suffix to use a custom domain for Preview Deployments?
  • Have you considered enabling your Vercel team members to authenticate their current session with SAML SSO? (Enterprise plans only)
  • Have you added an instructional page for users to report abuse? (Recommended for Platforms built on Vercel)
  • Have you committed your package-lock.json, yarn.lock or pnpm-lock.yaml to your repository to ensure that what was pinned during development is what Vercel will build against and deploy?