The generated secret can be used to bypass deployment protection on all deployments in a project until it is revoked. This value will also be automatically added to your deployments as a system environment variable
The environment variable value is set when a deployment is built, so regenerating the secret in the project settings will invalidate previous deployments. You will need to redeploy your app if you update the secret in order to use the new value.
To use Protection Bypass for Automation, set an HTTP header (or query parameter) named
x-vercel-protection-bypass with the value of the generated secret for the project.
Using a header is strongly recommended, however in cases where your automation tool is unable to specify a header, it is also possible to set the same name and value as a query parameter.
x-vercel-protection-bypass: your-generated-secret (required)
To bypass authorization on follow-up requests (e.g. for in-browser testing) you can set an additional header or query parameter named
x-vercel-set-bypass-cookie with the value
This will set the authorization bypass as a cookie using a redirect with a
x-vercel-set-bypass-cookie: true (optional)
If you are accessing the deployment through a non-direct way (e.g. in an
iframe) then you may need to further configure
x-vercel-set-bypass-cookie by setting the value to
This will set
None on the
Set-Cookie header, by default
SameSite is set to
x-vercel-set-bypass-cookie: samesitenone (optional)