Should I add security headers in Next.js or vercel.json?
Either works — vercel.json headers apply to all frameworks on Vercel. Launch Auditor verifies what browsers actually receive on your production URL, regardless of where you configured them.
Vercel makes shipping fast but doesn't automatically give you HSTS, CSP, or production-grade metadata. Edge configs, preview vs production domains, and env var leaks in client chunks are the usual blockers.
Launch benchmark · Vercel
Based on 1 audit, 100% of Vercel launches are missing a CAA (Certification Authority Authorization) record.
76/100 avg score · 100% score below 80
Anonymized aggregate from completed clearance scans — no customer data.
Production deploys need baseline HTTP hardening before you share the URL.
Add Strict-Transport-Security in vercel.json headers — not enabled by default.
Audit check SEC-001 · security
Configure Content-Security-Policy for Next.js, analytics, and Stripe embeds.
Audit check SEC-003 · security
Set X-Frame-Options and Referrer-Policy on all routes.
Audit check SEC-005 · security
Audit NEXT_PUBLIC_* and leaked secrets in client-side chunks.
Audit check SEC-020 · dns ssl
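The header items in this section can be checked against what a production URL actually returns, as in the following added example. It is not Launch Auditor's own logic: the check IDs are reused from the list above only as labels, and the one-year HSTS minimum and both sample responses are assumptions.

```javascript
// Added example: audit response headers as received from a production URL.
// The one-year HSTS minimum and both sample responses are assumptions.
const MIN_HSTS_MAX_AGE = 31536000;

// Return the max-age of an HSTS value, or null if the directive is absent.
function hstsMaxAge(value) {
  for (const part of value.split(";")) {
    const m = /^max-age="?(\d+)"?$/i.exec(part.trim());
    if (m) return Number(m[1]);
  }
  return null;
}

// Split a CSP into directive name -> sources; the first occurrence wins.
function cspDirectives(value) {
  const map = new Map();
  for (const d of value.split(";")) {
    const [name, ...sources] = d.trim().split(/\s+/);
    if (name && !map.has(name.toLowerCase())) map.set(name.toLowerCase(), sources);
  }
  return map;
}

function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const hsts = h["strict-transport-security"];
  if (!hsts) findings.push("SEC-001: Strict-Transport-Security missing");
  else if ((hstsMaxAge(hsts) ?? 0) < MIN_HSTS_MAX_AGE) findings.push("SEC-001: HSTS max-age below one year");
  const csp = h["content-security-policy"] ? cspDirectives(h["content-security-policy"]) : null;
  if (!csp) findings.push("SEC-003: Content-Security-Policy missing");
  else if (!csp.has("default-src") && !csp.has("script-src")) findings.push("SEC-003: CSP has no default-src or script-src");
  // Framing is restricted either by X-Frame-Options or by CSP frame-ancestors.
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (!["DENY", "SAMEORIGIN"].includes(xfo) && !(csp && csp.has("frame-ancestors"))) findings.push("SEC-005: no X-Frame-Options or frame-ancestors");
  // Referrer-Policy may list fallbacks; the last token is the one checked here.
  const referrer = (h["referrer-policy"] || "").split(",").pop().trim().toLowerCase();
  if (!referrer || referrer === "unsafe-url") findings.push("SEC-005: Referrer-Policy missing or unsafe-url");
  return findings;
}

// Constructed sample responses, not captured from any real site.
const bare = { "content-type": "text/html", "Strict-Transport-Security": "max-age=300" };
const hardened = {
  "strict-transport-security": "max-age=63072000; includeSubDomains; preload",
  "content-security-policy": "default-src 'self'; script-src 'self' https://js.stripe.com; frame-src https://js.stripe.com; frame-ancestors 'none'",
  "x-frame-options": "DENY",
  "referrer-policy": "strict-origin-when-cross-origin",
};
console.log(auditHeaders(bare), auditHeaders(hardened));
```

Feed it the headers of a real response (for example `Object.fromEntries(response.headers)` from `fetch`) to audit a deployed URL rather than the samples.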
Custom domains and certificate health on Vercel projects.
Verify apex and www both resolve with valid TLS — watch CAA and cert expiry.
Audit check DNS-001 · dns ssl
Confirm SPF, DKIM, and DMARC on your sending domain for transactional email.
Audit check DNS-023 · dns ssl
Core Web Vitals and load behavior under real traffic — not just localhost.
Measure Core Web Vitals on the production domain — edge cache hits differ from preview.
Audit check PERF-001 · performance
Help ChatGPT, Claude, Perplexity, and Google AI cite your product accurately.
Serve llms.txt from public/ or an app route for AI crawler discovery.
Audit check AIV-001 · ai visibility