How to Handle Vercel Security Checkpoint Error

TL;DR: When you encounter "We're verifying your browser" blocking all traffic to your site, it's usually when Attack Challenge Mode is enabled or when Vercel's DDoS mitigation falsely flags legitimate traffic. The solution is temporarily disable Attack Challenge Mode and/or pause system-level mitigations for 24 hours.

What is the Vercel Security Checkpoint Error?

If you're experiencing the vercel security checkpoint error where users see "We're verifying your browser: Vercel Security Checkpoint" blocking all traffic to your site, it means Vercel's DDoS protection has automatically activated to protect against what it perceives as malicious traffic.

This vercel browser verification error can completely block legitimate users from accessing your production site.

Common Symptoms:

All users see the security checkpoint page
Requests return HTML of Vercel checkpoint pages instead of your content
GraphQL or API endpoints experience timeouts
TLS connection errors with ECONNRESET codes

Why This Happens

This can happen due to two reasons:

You have enabled Attack Challenge Mode. In this mode, every user visiting the site must complete a security challenge before accessing your site. All requests from genuine users will also be challenged.
When Vercel's system-level DDoS mitigation thinks it's a potential malicious request. This false positive behavior can occur due to the following reasons:

Traffic patterns change suddenly
Using proxies/CDNs like Cloudflare infront of your Vercel apps
High volume of API requests from similar sources

Handling Vercel Security Checkpoint Error

If You Have Attack Challenge Mode Enabled

If you aren't facing any DDoS attack, disable the Attack Challenge Mode:

Go to your Vercel project dashboard
Navigate to Firewall tab
Click the menu button with the ellipsis icon at the top right of the Firewall tab
Select Disable Attack Mode
Wait for changes to propagate (usually under 5 minutes)

If You're Experiencing False Positives from DDoS Mitigation

When Vercel's automatic DDoS protection incorrectly flags legitimate traffic, the issue should automatically resolve within an hour as the system learns your traffic patterns.

If the issue persists beyond an hour, you can create a "bypass system-level mitigations" rule so Vercel DDoS pauses automatic mitigation:

Go to your Vercel project dashboard
Navigate to Firewall tab
Click the menu button with the ellipsis icon at the top right of the Firewall tab
Select Pause System Mitigations
Review the warning in the dialog and confirm to pause all automatic mitigations for the next 24 hours

Important: The bypass system-level mitigations feature is only available for Pro and Enterprise customers and not Hobby users.

⚠️ Warning: Bypassing system-level mitigations temporarily removes DDoS protection from your project, leaving it vulnerable to actual attacks.

How to Handle Vercel Security Checkpoint Error

What is the Vercel Security Checkpoint Error?

This vercel browser verification error can completely block legitimate users from accessing your production site.

Common Symptoms:

All users see the security checkpoint page
Requests return HTML of Vercel checkpoint pages instead of your content
GraphQL or API endpoints experience timeouts
TLS connection errors with ECONNRESET codes

Why This Happens

This can happen due to two reasons:

You have enabled Attack Challenge Mode. In this mode, every user visiting the site must complete a security challenge before accessing your site. All requests from genuine users will also be challenged.
When Vercel's system-level DDoS mitigation thinks it's a potential malicious request. This false positive behavior can occur due to the following reasons:

Traffic patterns change suddenly
Using proxies/CDNs like Cloudflare infront of your Vercel apps
High volume of API requests from similar sources

Handling Vercel Security Checkpoint Error

If You Have Attack Challenge Mode Enabled

If you aren't facing any DDoS attack, disable the Attack Challenge Mode:

Go to your Vercel project dashboard
Navigate to Firewall tab
Click the menu button with the ellipsis icon at the top right of the Firewall tab
Select Disable Attack Mode
Wait for changes to propagate (usually under 5 minutes)

If You're Experiencing False Positives from DDoS Mitigation

When Vercel's automatic DDoS protection incorrectly flags legitimate traffic, the issue should automatically resolve within an hour as the system learns your traffic patterns.

If the issue persists beyond an hour, you can create a "bypass system-level mitigations" rule so Vercel DDoS pauses automatic mitigation:

Go to your Vercel project dashboard
Navigate to Firewall tab
Click the menu button with the ellipsis icon at the top right of the Firewall tab
Select Pause System Mitigations
Review the warning in the dialog and confirm to pause all automatic mitigations for the next 24 hours

Important: The bypass system-level mitigations feature is only available for Pro and Enterprise customers and not Hobby users.

⚠️ Warning: Bypassing system-level mitigations temporarily removes DDoS protection from your project, leaving it vulnerable to actual attacks.

How to Handle Vercel Security Checkpoint Error

How to Handle Vercel Security Checkpoint Error

What is the Vercel Security Checkpoint Error?

Why This Happens

Handling Vercel Security Checkpoint Error

If You Have Attack Challenge Mode Enabled

If You're Experiencing False Positives from DDoS Mitigation

Don't just read about it—fix it

How to Handle Vercel Security Checkpoint Error

How to Handle Vercel Security Checkpoint Error

What is the Vercel Security Checkpoint Error?

Why This Happens

Handling Vercel Security Checkpoint Error

If You Have Attack Challenge Mode Enabled

If You're Experiencing False Positives from DDoS Mitigation

Don't just read about it—fix it