Skip to main content
When your app is hosted on Vercel, the Vercel Firewall (WAF) can block QA.tech before your application runs. QA.tech identifies as QATechBot in the User-Agent header—you can add a firewall rule to bypass security checks for that traffic.
This is separate from Vercel Preview Protection (password protection, Vercel Authentication, deployment protection). Use this page for Firewall / WAF rules; use the preview guide for protected preview URLs.

Allow QATechBot with a custom rule

Create a custom firewall rule in your Vercel project that bypasses remaining rules when the User-Agent contains QATechBot:
1

Open Firewall settings

In the Vercel dashboard, open your project → Firewall (or Security → Firewall).
2

Add a custom rule

Create a new custom rule with these settings:
FieldValue
NameAllow QATechBot traffic
Description (optional)Bypass security rules for QATechBot user agent to allow monitoring and testing
IfUser AgentContainsQATechBot
ThenBypass
3

Publish the rule

Save and publish the rule. Vercel applies firewall changes globally within seconds—no redeploy required.
Vercel Firewall custom rule: User Agent contains QATechBot, action Bypass
The Bypass action lets matching requests skip subsequent custom firewall rules (challenge, deny, rate limit, etc.) so QA.tech can load pages and run tests.
User-Agent can be spoofed. Any client can send User-Agent: ...QATechBot.... For stronger assurance, combine this rule with QA.tech IP allowlisting or validate traffic using bot verification.

User-Agent reference

QA.tech appends this suffix to browser automation traffic: 
QATechBot/1.0 (+https://docs.qa.tech/bot)
Your rule should match on QATechBot (substring), which covers the full automation User-Agent.

CLI example

You can also add the rule with the Vercel CLI: 
vercel firewall rules add \
  --action bypass \
  --condition "user_agent,sub,QATechBot" \
  --name "Allow QATechBot traffic" \
  --description "Bypass security rules for QATechBot user agent to allow monitoring and testing"
Publish staged firewall changes when prompted.

Vercel Preview Protection

Bypass deployment protection on preview URLs

QA.tech Bot

User-Agent format and traffic verification

IP Access

Allowlist QA.tech egress IPs

Cloudflare WAF & Turnstile

Edge blocking and Turnstile on Cloudflare
External: Vercel WAF custom rules, Vercel Firewall CLI