feature insight

Vercel puts production source maps behind authentication…

Vercel launched Protected Source Maps so browser `.map` files return 404 to the public while staying available to authenticated team members. The feature is enabled by default for new projects and existing projects can opt in without a redeploy.

Published May 14, 2026 Updated May 19, 2026 1 sources

VercelProtected Source Mapssecuritysecurity featuremedium impact

securitydeveloper-platformssource-mapsdeployment-protectionsecurity-feature

Impact: medium
Confidence: 98%
Change type: security feature
First seen: May 14, 2026
Last updated: May 19, 2026
Audience: security teamsfrontend teamsplatform engineers
Status: Published

Summary

Vercel launched Protected Source Maps so browser .map files return 404 to the public while staying available to authenticated team members. The feature is enabled by default for new projects and existing projects can opt in without a redeploy.

What changed

Vercel introduced Protected Source Maps to restrict production browser source maps to authenticated team access.

Why it matters

Source maps are useful for debugging but can also expose readable production code structure, filenames, and stack traces. Making protection a platform default reframes source maps as sensitive operational artifacts instead of static assets that teams have to remember to hide on their own.

Evidence excerpt

Vercel says Protected Source Maps put browser .map files behind Vercel Authentication, with new projects enabled by default and existing projects able to opt in without redeploying.

Sources

vercel.com