Manage real-time app traffic
Implement your own protections with custom rules, managed rulesets, and Vercel BotID, all from a single firewall dashboard with live traffic insights.
Layered defenses for different kinds of threats.
DDoS Protection
Protect uptime and control infrastructure cost by filtering high-volume request floods.
Web Application Firewall
Apply custom rules to implement business logic and stop credential stuffing, malformed requests, and vulnerable routes.
Bot Protection
Catch non-browser agents, spoofed headers, and simple replay attacks.
Automatically mitigate Layer 3, DDoS, and other high-volume attacks before they reach your applications.
Use the WAF's UI or API to define custom business logic and precisely control traffic.
Mitigate the most critical risks, like OWASP Top 10, using predefined advanced rulesets.
Browser checks help ensure that only legitimate users can access your application during an attack.
Know who’s crawling your site
The bots.fyi directory is a public list of verified bots maintained by Vercel. It’s continuously updated to reflect new services, helping you stay informed and make better decisions about which automated traffic to allow.
Stop attacks before they reach your app and critical endpoints.
Stop volumetric attacks
Vercel Firewall filters billions of requests per week across TCP and HTTP layers by default.
Defend in real-time
Blocks L3/L4 and L7 DDoS attacks in real time across the entire platform.
Detection modes
Basic or deep Kasada-powered analysis, easily configurable.
Detect non-browser traffic
Identify and block headless browsers, scripts, and automation tools.
Block unauthorized AI crawlers
Optionally block known AI scrapers and model trainers with one toggle.
Session-level validation
Challenges suspicious sessions or validates traffic invisibly with Vercel BotID.
