Vercel Preview Protection Bypass
When testing Vercel preview deployments that are protected with Password Protection, Vercel Authentication, or Trusted IPs, you need to configure QA.tech to bypass these protection mechanisms. This guide shows you how to set up automated testing with Vercel’s Protection Bypass for Automation feature.Overview
Vercel’s Protection Bypass for Automation allows automated tools like QA.tech to access protected deployments using a special secret. This bypasses all deployment protection methods including:- Password Protection
- Vercel Authentication
- Trusted IP restrictions
Setting Up Vercel Protection Bypass
Step 1: Enable Protection Bypass in Vercel
1
Navigate to Project Settings
Go to your Vercel project dashboard and navigate to Settings → Deployment
Protection
2
Enable Protection Bypass
Find the Protection Bypass for Automation section and enable it. This
will generate a secret token.
3
Copy the Secret
Copy the generated secret - you’ll need this for configuring QA.tech
The secret is automatically added to your Vercel deployments as the
environment variable
VERCEL_AUTOMATION_BYPASS_SECRET
. Regenerating the
secret will invalidate previous deployments, requiring a redeploy to use the
new value.Step 2: Configure Project URL with Query Parameters
Configure your project URL to include the bypass parameters directly:1
Navigate to Project Settings
Go to Settings → Project
Settings in your
QA.tech project
2
Update Project URL
Modify your project URL to include the bypass query parameters. For example,
if your Vercel preview URL is:
https://example-vercel-protected-git-branch-qa-tech.vercel.app
Update it to:
https://example-vercel-protected-git-branch-qa-tech.vercel.app?x-vercel-protection-bypass=YOUR_SECRET&x-vercel-set-bypass-cookie=true
Replace YOUR_SECRET
with the secret you copied from Step 1.3
Save Configuration
Save your project settings. QA.tech will now use this URL format for all
tests, automatically bypassing Vercel’s protection.
When you visit a Vercel URL with these query parameters, Vercel automatically
redirects to a clean URL without the query parameters after setting the bypass
cookie. This makes it a clean solution that doesn’t require managing custom
headers.
Query Parameter Configuration Details
Required Parameters
-
Parameter:
x-vercel-protection-bypass
- Value: Your generated Vercel secret
- Purpose: Bypasses all deployment protection mechanisms
-
Parameter:
x-vercel-set-bypass-cookie
-
Value:
true
- Purpose: Sets a bypass cookie for subsequent requests, ensuring consistent access throughout the test session