Hello !
Default vercel DDos mitigation is restricting my frontend app to make request on my backend.
Both are deployed on vercel but I am having this issue.
FYI, There is no such anonymous activity it’s just my frontend trying to fetch response from backend app.
FE: Nextjs
BE: Express
Below is what I get from response header.
cache-control
private, no-store, max-age=0
content-length
93
content-type
application/json
date
Sun, 03 May 2026 05:18:42 GMT
server
Vercel
x-vercel-id
bom1::78rdj-1777785522542-a3af072d68b9
x-vercel-mitigated
deny
I don’t have any rules which can affect this , this is leading my request just getting denied from firewall and not even reaching my backend !
Please help me how can I resolve this.
As I am in hobby plans I can’t have system rule which can just bypass this