Vercel security overview

Cloud-deployed web applications face constant security threats, with attackers launching millions of malicious attacks weekly. Your application, users, and business require robust security measures to stay protected.

A comprehensive security strategy requires both active protection, robust policies, and compliance frameworks:

• Security governance and policies ensure long-term organizational safety, maintain regulatory adherence, and establish consistent security practices across teams.
• A Multi-layered protection system provides active security against immediate threats and attacks.

Learn about the protection and compliance measures Vercel takes to ensure the security of your data, including DDoS mitigation, SOC2 Type 2 compliance, Data encryption, and more.

A shared responsibility model is a framework designed to split tasks and obligations between two groups in cloud computing. The model divides duties to ensure security, maintenance, and service functionality.

Out of the box, every Deployment on Vercel is served over an HTTPS connection. The SSL certificates for these unique URLs are automatically generated free of charge.

Understand how Vercel protects every incoming request with multiple layers of firewall and deployment protection.

The Vercel firewall helps to protect your applications and websites from malicious attacks and unauthorized access through:

• An enterprise-grade platform-wide firewall available for free for all customers with no configuration required that includes automatic DDoS mitigation and protection against low quality traffic.
• A Web Application Firewall (WAF) that supports custom rules, managed rulesets, and allows customers to challenge automated traffic. You can customize the WAF at the project level.
• Observability into network traffic and firewall activity, including the access to firewall logs.