Sample pack · A

vercel.com

Audit-ready — platform-grade hardening across the board

Summary

Vercel's own marketing domain shows the security defaults the platform encourages: enforced DMARC, modern TLS, comprehensive security headers, and a tight web surface. A useful reference for teams hosting on Vercel who want to compare their own subdomain against the parent.

Highlights from the scan

DMARCp=reject with rua aggregate reporting
TLSTLS 1.3 on apex + www, CT-logged cert
HeadersHSTS, X-Content-Type-Options, Referrer-Policy
Redirectsclean apex → www over HTTPS

Download the pack

Signed pack for vercel.com, generated against the live posture at the time the founder ran the build script. Verify the Ed25519 signature against /.well-known/evidence-pack-pubkey.pem.

Download PDF →Download JSON sidecar

See it live

The same 15-check methodology is also available on-demand at /d/vercel.com.

← All sample packs

Methodology v1 — the exact rules used to produce this pack.