Web Application Firewall mitigated traffic is free on Vercel
Vercel has announced that it will waive CDN requests and fast data transfer fees for traffic that is denied, challenged, or rate-limited by its Web Application Firewall. This change ensures that users will not incur unexpected charges when dealing with malicious traffic, such as scrapers or botnets. The waiver is automatically applied to all projects using the Vercel Firewall, requiring no additional configuration.
- ▪Vercel Firewall now waives fees for denied, challenged, or rate-limited traffic.
- ▪Users will not pay for requests or bandwidth that the firewall blocks.
- ▪The waiver applies automatically to every project using Vercel Firewall.
Opening excerpt (first ~120 words) tap to expand
1 min readCopy URLMay 18, 2026Vercel Firewall now waives CDN Requests and Fast Data Transfer for any traffic Web Application Firewall rules deny, challenge, or rate-limit.Vercel has always provided unlimited DDoS mitigation at no cost. Vercel Web Application Firewall, included in CDN cost, gives you custom rules, managed rules, and rate limiting for bad traffic that isn't DDoS. With this change, you don't pay for requests or bandwidth that Vercel Firewall denies, challenges, or rate-limits. That means no surprise bill when a scraper hammers your product pages, a credential-stuffing botnet hits your login route, or a bot abuses an expensive API endpoint.The waiver applies automatically to every project using Vercel Firewall and no configuration is required.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Vercel Blog.
Discussion
0 commentsMore from Vercel Blog
