Cloudflare CDN in Front of Vercel: Worth It? The Practical Guide to Free Hosting

Programming· 4 min read

Cloudflare CDN in Front of Vercel: Worth It? The Practical Guide to Free Hosting

The problem nobody mentions

Recently I was building an application receiving traffic from across Europe and Latin America. Vercel is incredible for fast deployment, but I started noticing something: my users in Madrid had different latency than those in Buenos Aires.

Vercel already includes a CDN. So why add Cloudflare?

The answer isn't obvious, and the official documentation discourages it. But after experimenting with several projects, I discovered there are cases where it's worth it.

Why Vercel discourages reverse proxies

Vercel is right in their warning. When you put Cloudflare in front of Vercel, you introduce:

  • **Unnecessary complexity**: More layers = more failure points
  • **Confusing headers**: Vercel needs certain headers to work correctly
  • **Conflicting caches**: Two caching systems fighting each other
  • **Harder debugging**: Where's the problem coming from? Cloudflare or Vercel?

But here's the important part: there are cases where the benefits outweigh the costs.

When YES, Cloudflare + Vercel makes sense

#### 1. DDoS protection and advanced security

Cloudflare offers DDoS protection that goes beyond what Vercel includes. If your application is a frequent target (fintech, crypto, public services), Cloudflare adds a defense layer worth considering.

In Europe, if you work with sensitive or regulated data, this extra security layer might be a compliance requirement.

#### 2. Granular cache control

Vercel handles caching automatically, which is great. But sometimes you need surgical control:

  • Cache certain assets for months
  • Don't cache specific endpoints
  • Purge cache on demand

Cloudflare gives you that control with Workers and Rules.

#### 3. URL rewriting and transformations

If you need to modify requests/responses before they reach Vercel (change headers, rewrite URLs, add authentication), Cloudflare Workers is more flexible than Vercel's configuration.

#### 4. Multiple origins

Maybe your architecture isn't just Vercel. You have APIs elsewhere, assets on another server. Cloudflare can unify everything under one domain with centralized logic.

When NO, it doesn't make sense

Most cases. If your application is:

  • An MVP or early-stage startup
  • A blog or static site
  • A standard application without special security requirements
  • A personal project

Adding Cloudflare is overhead. Keep the architecture simple.

How to implement it without breaking things

If you decide you need it, here's the correct way:

#### Step 1: Configure DNS correctly

``` In Cloudflare:

  • Point your domain to Vercel
  • Make sure the CNAME is correct
  • DO use "Proxied" (the orange cloud), not "DNS only"

```

#### Step 2: Critical headers

Vercel needs certain headers to function. Configure Cloudflare to preserve them:

``` In Cloudflare Rules:

  • Preserve: X-Forwarded-For
  • Preserve: X-Forwarded-Proto
  • Preserve: X-Forwarded-Host

```

Without this, Vercel might not correctly detect HTTPS protocol or client IP.

#### Step 3: Smart caching

Cloudflare caches everything by default. For Next.js/Vercel, you need to be specific:

``` Cloudflare Page Rules:

1. /api/* → Cache Level: Bypass 2. /_next/* → Cache Level: Cache Everything 3. /images/* → Cache Level: Cache Everything (TTL: 1 month) 4. /* → Cache Level: Bypass (for dynamic HTML) ```

The idea: only cache static assets, not dynamic HTML.

#### Step 4: Monitoring

Now you have two caching systems. Monitor:

  • Cache hit rates in Cloudflare
  • Response times from different regions
  • Origin errors (5xx from Vercel)

The real experiment

On a recent project, I implemented this:

Before: Vercel only

  • Average latency: acceptable
  • No additional DDoS protection
  • Limited cache control

After: Cloudflare + Vercel

  • Similar latency (Vercel already had CDN)
  • Improved DDoS protection
  • Granular cache control
  • More complex headers possible

Was it worth it? For that specific project, yes. It was an application with security requirements and cache control needs that justified the added complexity.

For other projects: no.

The real takeaway

Don't do this because it's "cool" or because others do it. Do it because it solves a specific problem you have.

The right question isn't "Should I use Cloudflare + Vercel?"

The right question is: "What specific problem do I have that Cloudflare solves and that Vercel alone can't?"

If you don't have a clear answer, keep the architecture simple.

In Europe, we tend toward overengineering. Building in public means showing what works, not what's most complex. Start with Vercel alone. Add Cloudflare when you really need it.

The best architecture is one you fully understand and can debug in 15 minutes.

---

Are you using Cloudflare + Vercel? Tell me in the comments what specific problem it solves for you. Those real cases are more valuable than any theoretical guide.