Vercel Firewall now waives CDN Requests and Fast Data Transfer for any traffic Web Application Firewall rules deny, challenge, or rate-limit. Vercel has always provided unlimited DDoS mitigation at no cost. Vercel Web Application Firewall, included in CDN cost, gives you custom rules, managed rules, and rate limiting for bad traffic that isn't DDoS. With this change, you don't pay for requests or bandwidth that Vercel Firewall denies, challenges, or rate-limits.

That means no surprise bill when a scraper hammers your product pages, a credential-stuffing botnet hits your login route, or a bot abuses an expensive API endpoint. The waiver applies automatically to every project using Vercel Firewall and no configuration is required. Learn how to implement WAF rules in the .firewall documentation Read more