Vercel’s May 18 changelog entry quietly closes a pricing gap that should never have existed: WAF-blocked requests no longer count toward your CDN Requests or Fast Data Transfer usage. The waiver applies automatically, no configuration needed. Cloudflare has operated under this model for years. Vercel is catching up, and the terms of the catch-up reveal where the next pricing fight will be.
What changed on May 18
Prior to this change, Vercel billed for every request that hit its edge, including requests its own Web Application Firewall rejected. DDoS mitigation was always free. The new policy extends that principle to WAF-filtered traffic: any request denied, challenged, or rate-limited by a WAF rule is excluded from billable usage.
The practical effect depends on your traffic profile. A site absorbing a sustained bot flood that previously triggered thousands of billable WAF denies per minute will see the clearest savings. A site with low attack volume will notice nothing, which is the point: the old model charged you for the privilege of being attacked.
Cloudflare set the terms years ago
Cloudflare’s Free plan already includes unlimited CDN bandwidth and unmetered DDoS protection. The Pro tier ($20/month) and Business tier ($200/month) add more WAF features, but none of them charge per blocked request. Cloudflare’s network capacity sits at 500 Tbps across 330+ data centres, and the company handled a 31.4 Tbps DDoS attack in December 2025, the largest on record. When your network absorbs 200 million requests per second from an Aisuru botnet without charging the target for the bandwidth, the pricing signal is clear: attack traffic is the vendor’s problem, not the customer’s line item.
Vercel’s move brings its billing model into alignment with that expectation. The frame is not “Vercel innovates” but “Vercel stops doing the thing Cloudflare never did.”
The classification surface
Here is where it gets interesting. The waiver covers traffic “denied, challenged, or rate-limited” by WAF rules. Vercel WAF supports actions including deny, challenge, rate_limit, log, bypass, and redirect. The first three are covered by the waiver. The fourth one, log, is not. A rule set to log-only matches the traffic, inspects it, records it, and passes it through. That traffic remains billable.
This distinction matters because “mitigated” is a vendor-defined classification. Vercel controls which action types qualify for the free tier. If a future policy change narrows the definition, or introduces a new action type that falls outside the waiver, the billing surface shifts without the customer changing a single rule.
The bottleneck moves from raw bandwidth cost to mitigation-rate transparency. Teams need to know not just how many requests were blocked, but how they were classified. If the vendor’s dashboard claims a high mitigation rate but a large share of that mitigation was log-only, the bill tells a different story than the marketing.
How Vercel WAF works
Vercel’s WAF matches requests by path, method, IP, geo, headers, cookies, JA4 TLS fingerprint, and bot category. Rules are staged as drafts and published via vercel firewall publish. The action taxonomy is standard for edge WAFs: deny for hard blocks, challenge for CAPTCHA or JavaScript challenges, rate_limit for throttling, log for observation, bypass for allowlisting, and redirect.
The JA4 fingerprint matching is worth noting. It allows WAF rules to target TLS client characteristics rather than just IP or header patterns, which makes bot detection less dependent on IP reputation databases that themselves can become stale. Whether this justifies Vercel’s premium pricing over a direct Cloudflare contract depends on how much of your traffic actually originates from TLS-fingerprinted botnets versus simple volumetric floods.
The perverse incentive of attack billing
Before this change, a sustained DDoS attack on a Vercel-hosted site generated revenue for Vercel. Every blocked request still counted as a billable CDN request. The harder the attack, the higher the invoice. This is not unique to Vercel; it was the default billing model for most edge platforms before Cloudflare normalized unmetered mitigation.
The 31.4 Tbps attack Cloudflare absorbed in December 2025 illustrates the distortion. At that volume, a per-request billing model would have produced an invoice that exceeded the annual contract value of most mid-tier CDN customers. The attack itself becomes a cost event, and the vendor benefits from the customer’s misfortune. Removing that incentive is not generosity; it is the minimum acceptable pricing model for a product that sells security.
Where the competitors stand
Fastly’s Edge WAF takes a different architectural approach: each request requiring inspection gets a temporary isolated sandbox that terminates after processing. Fastly’s network capacity (532 Tbps across 129 PoPs) is comparable to Cloudflare’s in raw throughput, though with significantly fewer edge locations.
As of May 2026, no source confirms whether Fastly or Akamai charge for WAF-blocked traffic. The article does not assert either way. What is observable: neither has made a public pricing change in response to Vercel’s announcement, and neither markets “free mitigated traffic” as a feature the way Cloudflare does. In a market where the two lowest-cost providers (Cloudflare free tier, Vercel’s new model) both exclude blocked requests from billing, the holdouts carry the burden of explaining why a bot flood still shows up on the invoice.
The breach context
Vercel disclosed a security breach on April 19, 2026, originating from a compromise of third-party AI tool Context.ai. An attacker accessed a Vercel employee’s Google Workspace account and some non-sensitive environment variables. Stolen data was later offered for $2 million on BreachForums.
The timing is uncomfortable. A company tightening its security-pricing model one month after a breach invites scrutiny about whether the pricing change is a product decision or a reputation-management move. The two are not mutually exclusive, but the optics mean the waiver will be evaluated against Vercel’s own security track record, not just against competitor pricing tables.
What this means for platform evaluation in 2026
The relevant comparison is no longer “does the WAF block attacks?” Every edge WAF worth deploying blocks attacks. The comparison is “what shows up on the invoice after an attack, and can I audit the classification logic that produced that number?”
Teams evaluating edge platforms should ask three questions:
- Which WAF actions are excluded from billing? If the answer is only “denied,” then rate-limited and challenged traffic may still generate charges.
- Is the classification auditable? Can you export WAF logs and reconcile the action counts against your bill, or are you trusting the vendor’s dashboard?
- What happens during an active incident? If an attack spikes traffic 100x and the WAF blocks most of it, does the remaining fraction (legitimate traffic plus whatever leaked through) produce a proportional bill, or are you paying for the attack volume as well?
Vercel’s answer to the first question is now aligned with Cloudflare’s: denied, challenged, and rate-limited. The second and third questions remain open across the industry. The vendor that publishes transparent mitigation-rate accounting, not just transparent pricing, will be the one that actually sets the next standard.
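An added example, not from the original article or from Vercel: one way to reconcile exported WAF log records against an invoiced request count, using the waiver classification described above (deny, challenge and rate_limit waived; log, bypass, redirect and unmatched traffic billable). The JSON-lines layout, the field names and the sample records are assumptions constructed for illustration, not Vercel's export schema.

```python
import json
from collections import Counter

# Action types named on this page; only the first three are covered by the waiver.
WAIVED = {"deny", "challenge", "rate_limit"}
BILLABLE_ACTIONS = {"log", "bypass", "redirect"}
KNOWN = WAIVED | BILLABLE_ACTIONS | {"none"}

# Constructed sample export, one JSON record per line. "action": null means
# no WAF rule matched the request. Field names are assumptions.
SAMPLE_ACTIONS = ["deny", "deny", "deny", "challenge", "rate_limit",
                  "log", "log", "redirect", None, None]
SAMPLE_LOG = "\n".join(
    json.dumps({"request_id": i, "action": a}) for i, a in enumerate(SAMPLE_ACTIONS)
)


def reconcile(log_text, invoiced_requests):
    """Compare WAF log action counts with the request count on the invoice."""
    per_action = Counter()
    for line in log_text.splitlines():
        if line.strip():
            per_action[json.loads(line).get("action") or "none"] += 1

    total = sum(per_action.values())
    waived = sum(n for a, n in per_action.items() if a in WAIVED)
    matched = total - per_action["none"]   # requests that hit any WAF rule
    expected_billable = total - waived     # unknown actions count as billable
    return {
        "total": total,
        "waived": waived,
        "expected_billable": expected_billable,
        # Positive gap: the invoice charges for more than the logs justify.
        "billing_gap": invoiced_requests - expected_billable,
        # Share of rule matches that were actually enforced (and waived).
        "enforced_share": waived / matched if matched else 0.0,
        # Share of rule matches that were only observed and stay billable.
        "log_only_share": per_action["log"] / matched if matched else 0.0,
        # Action types outside the taxonomy: check their billing status.
        "unknown_actions": sorted(a for a in per_action if a not in KNOWN),
    }


if __name__ == "__main__":
    print(reconcile(SAMPLE_LOG, invoiced_requests=7))
```

A non-empty unknown_actions list is the signal that the vendor's action taxonomy has changed and the waiver status of the new type needs to be confirmed.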
Frequently Asked Questions
What does Cloudflare include on its free tier that Vercel doesn’t match?
Cloudflare’s Free plan ($0) bundles universal SSL, a basic WAF with managed rulesets, unlimited CDN bandwidth, and unmetered DDoS protection — no per-request or per-GB charges on any tier. Paid tiers (Pro $20/month, Business $200/month, Enterprise custom pricing) maintain zero charges for blocked traffic. The only usage-based billing appears on optional add-ons like Argo Smart Routing at $0.10/GB. Vercel’s comparable offering bundles security into its platform pricing rather than providing a standalone free security tier.
What WAF action types remain billable despite the new waiver?
Bypass and redirect actions are not covered; only deny, challenge, and rate_limit qualify. A rule that redirects suspicious traffic to a honeypot URL, or that allowlists specific IPs via bypass, generates billable CDN requests despite being security-motivated. Log-only matches also fall outside the waiver and remain billable. Teams should audit their rule sets to understand what proportion of their security actions fall outside the three covered types, since multi-action strategies may produce a larger bill than the waiver headline suggests.
How does Fastly’s sandbox architecture affect the economics of free mitigated traffic?
Fastly’s Edge WAF creates and destroys an isolated sandbox per inspected request — a model with higher marginal cost than the shared-rule evaluation used by Vercel and Cloudflare. Fastly’s raw network capacity (532 Tbps) slightly exceeds Cloudflare’s (500 Tbps), but with 129 PoPs versus 330+. Neither Fastly nor Akamai has publicly adopted zero-charge WAF-mitigated-traffic billing as of May 2026, and the per-request isolation cost structure may be a factor in that decision.
How do Cloudflare’s managed WAF rulesets differ from Vercel’s custom-rule model?
Cloudflare’s free tier includes managed rulesets — pre-built, vendor-maintained rule collections covering common attack patterns like OWASP Top 10 that require no customer configuration. Vercel’s WAF is entirely custom-rule-driven: teams must author rules matching by path, IP, geo, JA4 fingerprint, and other signals. Teams without dedicated security staff get baseline protection and billing benefits from Cloudflare at zero configuration cost, whereas Vercel’s model requires active rule authorship before any waiver-driven savings appear on the invoice.