To test, share, or exclude specific domains from Deployment Protection, you can use the following methods to allow specific access while maintaining overall security:
- Shareable Links: Shareable links enable external users to access specific branch deployments by appending a secure query parameter to the URL
- Protection Bypass for Automation: Use a secret to bypass protection features for all deployments in a project, such as for end-to-end (E2E) testing
- Deployment Protection Exceptions: Specify preview domains that should be exempt from deployment protection
Shareable Links are available on all plans
Sharable Links allow external access to specific branch deployments through a secure query parameter. Users with this link can see the latest deployment and leave comments (if enabled and logged in with their Vercel account).
For example, if you generate a Sharable Link for the
feature-new-ui branch. Users with this link can view the latest deployment and comment.
Learn more about Sharable Links, and how to generate and revoke them.
For automated tasks like end-to-end (E2E) testing, you can use Protection bypass for Automation. When enabled, it generates a secret that can be used as a System Environment Variable (
VERCEL_AUTOMATION_BYPASS_SECRET) to bypass protection features for all deployments in a project.
For example, you set up E2E tests that run on deployments. By using this feature and the generated secret, your tests can bypass the protection mechanisms.
Learn more about Protection bypass for Automation, and how to enable and disable it.
With Deployment Protection Exceptions you can specify preview domains that should be exempt from deployment protection. Adding a domain to Deployment Protection Exceptions makes it publicly accessible, bypassing features like Vercel Authentication, Password Protection, and Trusted IPs.
For example, if you add
preview-branch-name.vercel.app to Deployment Protection Exceptions, this domain becomes publicly accessible, bypassing the project's deployment protection settings. When removed, it reverts to the default protection settings.
Learn more about Deployment Protection Exceptions, and how to add and remove domains.