Vercel Preview Protection Bypass

When testing Vercel preview deployments that are protected with Password Protection, Vercel Authentication, or Trusted IPs, you need to configure QA.tech to bypass these protection mechanisms. This guide shows you how to set up automated testing with Vercel’s Protection Bypass for Automation feature.

Overview

Vercel’s Protection Bypass for Automation allows automated tools like QA.tech to access protected deployments using a special secret. This bypasses all deployment protection methods including:
  • Password Protection
  • Vercel Authentication
  • Trusted IP restrictions

Setting Up Vercel Protection Bypass

Step 1: Enable Protection Bypass in Vercel

1

Navigate to Project Settings

Go to your Vercel project dashboard and navigate to Settings → Deployment Protection
2

Enable Protection Bypass

Find the Protection Bypass for Automation section and enable it. This will generate a secret token.
3

Copy the Secret

Copy the generated secret - you’ll need this for configuring QA.tech
The secret is automatically added to your Vercel deployments as the environment variable VERCEL_AUTOMATION_BYPASS_SECRET. Regenerating the secret will invalidate previous deployments, requiring a redeploy to use the new value.

Step 2: Configure Device Preset in QA.tech

Now you’ll configure a device preset in QA.tech to include the bypass headers:
1

Navigate to Device Presets

Go to Settings → Device Presets in your QA.tech project
2

Create or Edit Preset

Either create a new device preset or edit an existing one that you’ll use for Vercel testing
3

Add Custom Headers

In the preset configuration: - Click “Custom Headers” - Add a new header with name: x-vercel-protection-bypass - Set the value to your Vercel secret (the one you copied in Step 1) - Optionally add: x-vercel-set-bypass-cookie with value true for browser-based testing
4

Save Preset

Click “Create” or “Save” to save your device preset with the bypass headers

Header Configuration Details

Required Header

  • Header Name: x-vercel-protection-bypass
  • Header Value: Your generated Vercel secret
  • Purpose: Bypasses all deployment protection mechanisms