Vercel Analytics

Overview

Vercel Analytics is a first-party web analytics product built into the Vercel deployment platform. It provides page view tracking and Core Web Vitals measurement without using cookies, browser fingerprinting, or cross-site tracking. It is designed from the ground up to be privacy-compliant by default, making it distinct from traditional JavaScript analytics products.

What This Script Does

Vercel Analytics injects a lightweight JavaScript module into Vercel-deployed applications that reports performance and page view data without identifying individual users.

Script Files and Domains

• /_vercel/insights/script.js — The Vercel Analytics script. Served from the site's own origin (not a third-party domain) via Vercel's edge network. Approximately 2–5KB minified.
• Telemetry endpoint: /_vercel/insights/event — An edge function endpoint on the site's own domain that receives analytics events and forwards them to Vercel's analytics pipeline. Because this is a same-origin request, it is not blocked by most content blockers that target third-party requests.

No Cookies Set Vercel Analytics sets zero cookies. No persistent or session cookies are placed on the visitor's browser by the analytics script. This is by design — the cookieless architecture is Vercel Analytics' primary privacy differentiation.

No Fingerprinting The script does not collect or derive browser fingerprints. It does not access Canvas, WebGL, AudioContext, font enumeration, or any other fingerprinting surface. User agent strings are collected at a coarse level for device-type bucketing.

Data Collected Per Page View

• Page URL (the visited path)
• Referrer URL (or "direct" if no referrer)
• Approximate device type: Desktop, Mobile, or Tablet (derived from user agent, not stored verbatim)
• Country (derived from IP address at the edge; IP address is not stored)
• Core Web Vitals (if Speed Insights is also enabled): LCP, FID/INP, CLS, TTFB, FCP

Data Not Collected

• IP addresses are used only for country derivation at the edge and are not stored or associated with any event record
• No user IDs or session IDs are generated or stored
• No cross-page visit linkage (each page view is independent with no session stitching)
• No cross-site tracking

Aggregation Model All data is aggregated at the dashboard level. There are no individual visitor records — only aggregate counts per URL, per referrer source, per country, and per device type. The underlying event data is not exposed in raw form.

Consent & Compliance

Consent category: Analytics

• GDPR/ePrivacy: Vercel Analytics does not set cookies and does not use fingerprinting. Under ePrivacy Article 5(3), the consent requirement applies to accessing or storing information on a user's device — since Vercel Analytics does neither, ePrivacy's consent requirement does not apply to the script itself. Under GDPR, page view data (URL + country + device type) without a persistent identifier may be processable under legitimate interest, as the data is insufficient to identify individuals. The French CNIL has explicitly recognized that analytics tools with no cross-site tracking, no persistent identifiers, and no data sharing may qualify for an exemption from consent requirements.
• CNIL exemption criteria: Vercel Analytics meets the key criteria: limited purpose (audience measurement only), no cross-site tracking, no persistent user identifier, data not sold or shared, and data used only by the site operator.
• CCPA/CPRA: Aggregated page view data without IP address retention or user identification does not constitute personal information under CCPA.
• EU-US Data Privacy Framework: Vercel is a US company. The aggregated, anonymized nature of the data means transfer concerns are minimal. Vercel participates in the DPF.

Should You Block This Without Consent?

No. Vercel Analytics sets no cookies, performs no fingerprinting, and retains no personal data. It qualifies for the analytics consent exemption recognized by CNIL (France), ICO (UK), and other DPAs for audience measurement tools that do not track individuals. No consent banner trigger is needed for Vercel Analytics in standard configurations.