Vercel Preview Protection Bypass

When testing Vercel preview deployments that are protected with Password Protection, Vercel Authentication, or Trusted IPs, you need to configure QA.tech to bypass these protection mechanisms. This guide shows you how to set up automated testing with Vercel’s Protection Bypass for Automation feature.

Overview

Vercel’s Protection Bypass for Automation allows automated tools like QA.tech to access protected deployments using a special secret. This bypasses all deployment protection methods including:
  • Password Protection
  • Vercel Authentication
  • Trusted IP restrictions

Setting Up Vercel Protection Bypass

Step 1: Enable Protection Bypass in Vercel

1

Navigate to Project Settings

Go to your Vercel project dashboard and navigate to Settings → Deployment Protection
2

Enable Protection Bypass

Find the Protection Bypass for Automation section and enable it. This will generate a secret token.
3

Copy the Secret

Copy the generated secret - you’ll need this for configuring QA.tech
The secret is automatically added to your Vercel deployments as the environment variable VERCEL_AUTOMATION_BYPASS_SECRET. Regenerating the secret will invalidate previous deployments, requiring a redeploy to use the new value.

Step 2: Configure Project URL with Query Parameters

Configure your project URL to include the bypass parameters directly:
1

Navigate to Project Settings

Go to Settings → Project Settings in your QA.tech project
2

Update Project URL

Modify your project URL to include the bypass query parameters. For example, if your Vercel preview URL is: https://example-vercel-protected-git-branch-qa-tech.vercel.appUpdate it to: https://example-vercel-protected-git-branch-qa-tech.vercel.app?x-vercel-protection-bypass=YOUR_SECRET&x-vercel-set-bypass-cookie=trueReplace YOUR_SECRET with the secret you copied from Step 1.
3

Save Configuration

Save your project settings. QA.tech will now use this URL format for all tests, automatically bypassing Vercel’s protection.
When you visit a Vercel URL with these query parameters, Vercel automatically redirects to a clean URL without the query parameters after setting the bypass cookie. This makes it a clean solution that doesn’t require managing custom headers.

Query Parameter Configuration Details

Required Parameters

  • Parameter: x-vercel-protection-bypass
  • Value: Your generated Vercel secret
  • Purpose: Bypasses all deployment protection mechanisms
  • Parameter: x-vercel-set-bypass-cookie
  • Value: true
  • Purpose: Sets a bypass cookie for subsequent requests, ensuring consistent access throughout the test session