Hi Fastly users + friends,
Fastly has delivered a number of product updates across security, performance, observability, and developer experience. Key security advancements include a third-party PCI DSS assessment for Client-Side Protection, a new Managed Security Professional service tier, and the Adaptive Threat Engine for DDoS Protection with nearly 72% faster mitigation. Performance and developer-focused releases and a streamlined free-tier signup — make it faster and easier to build and optimize at the edge. Observability improvements such as ungated Custom Dashboards and Alerts, Domain Inspector for Compute give all customers deeper, out-of-the-box visibility. Combined with new API Discovery tools, Object Storage migration capabilities, and platform unification milestones, these releases underscore Fastly's continued investment in giving teams more control, stronger security, and a frictionless developer experience.
Network Services
Regional Log Aggregation (US & EU)
Regional Log Aggregation gives customers explicit control over where their Fastly log data is processed and delivered. The initial release supports log processing within the European Union (EU) and United States (US), with additional regions to follow. This capability is built for organizations navigating complex compliance landscapes — particularly those subject to GDPR, Schrems II, or other data residency and sovereignty requirements. With Regional Log Aggregation, customers can keep Fastly log data within the EU or US to align with regional regulations, improve their data localization and security posture, and simplify compliance reporting for audits and certifications.
Domain Research API
The Domain Research API is a real-time, programmatic method for checking domain availability and retrieving domain search results that customers can integrate directly into their websites and applications. It is designed for website builders, hosting providers, e-commerce and CMS platforms, domain registrars and marketplaces, reselling platforms, and branding, marketing, and SaaS platforms that need domain search and discovery experiences. The API enables customers with "custom domain" integrations to power domain search and discovery for their end users — streamlining domain registration workflows and opening new product possibilities for platform businesses.
Signup Credit Card Gating, CDN Free Tier & Self-Purchase (WebSockets & Domain Research API)
Fastly is updating its signup process with credit card gating, a CDN free tier, and self-purchase options for WebSockets and the Domain Research API. These changes are designed to simplify the customer experience, broaden platform adoption, and protect against abuse — particularly benefiting modern developers seeking low-friction onboarding and transparent pricing.
Security
Independent 3rd-Party Assessment for Client-Side Protection
Fastly has completed an independent third-party assessment of its Client-Side Protection product, validating its effectiveness in helping customers meet PCI DSS requirements 6.4.3 and 11.6.1. This assessment is designed for customers and prospects evaluating Client-Side Protection who need assurance that the product provides proper controls for complying with PCI 4.0.1 sections 6.4.3 and 11.6.1. T
FIPS 140-3 Compliant Fastly Security Agent for Next-Gen WAF
The libraries and backend connections of the Fastly Security (Next-Gen WAF) Agent have been upgraded to meet FIPS 140-3 compliance — the latest North American security standard for hardware and software handling sensitive information. This upgrade is especially important for customers operating in regulated sectors or processing sensitive government information who require FIPS 140-3 compliance as part of their security reviews and federal compliance efforts. FIPS 140-3 ensures that security components are secure, tamper-resistant, and properly implemented.
Tree View for API Security
Tree View is a new UI mode for API discovery that presents API endpoints in a hierarchical structure, showing how endpoints relate to primary resources — as opposed to the default chronological table view. All existing API Security customers can use Tree View without any additional action required, and it is especially valuable for platform engineers reviewing, documenting, and securing API endpoints. Tree View makes it easier to understand relationships between API endpoints — for example, /api/v1/users/{id}/orders and /api/v1/users/{id}/reviews appear as neighboring branches. This is critical for teams monitoring the security of data access points, reviewing API versioning, enforcing naming and data model standards, and sharing information across teams.
Managed Security Professional
Managed Security Professional is a new managed security service tier providing an accessible entry point to proactive 24/7 monitoring and mitigation from Fastly's Cyber Security Operations Center (CSOC). It sits alongside the existing Response Security and Managed Security Enterprise tiers. This service is built for organizations that need expert security monitoring but have historically found managed security services out of reach.
Account Switching (Multi-Account User Access) for Next-Gen WAF
Account Switching is now fully available for all Next-Gen WAF customers using the Fastly control panel. Users can seamlessly switch between multiple Fastly accounts (CIDs) with a single set of login credentials. This feature is for any customer, partner, or user whose email is associated with multiple Fastly accounts and who uses the Next-Gen WAF.
Adaptive Threat Engine Update for DDoS Protection
The core technology behind Fastly's DDoS Protection has significantly evolved into what’s now called our Adaptive Threat Engine. Automatic mitigation speed has improved by nearly 72%, with further reductions in false positives. This update benefits all DDoS Protection customers.
API Inventory for API Security
API inventory is a new set of tools that helps customers review, catalog, and manage their intended APIs. Where API discovery surfaces incoming traffic, API inventory helps customers organize and manage it by saving discovered API operations to an inventory, adding descriptions and tags for business context, viewing saved APIs in tree view, and auditing team updates. By enabling teams to separate expected API behavior from the unexpected — including novelties, changes, and neglect — API inventory is critical for maintaining an accurate, continuously-updated API catalog and strengthening API security posture.
Compute
HTML Rewriter — GA Release
Fastly now offers a streaming HTML rewriter for the JavaScript SDK, enabling customers to programmatically inspect and modify HTML responses directly at the edge. The HTML Rewriter leverages bytecode from a Rust crate (lol-html) mapped to an interface matching Akamai's html-rewriter API for maximum compatibility. This release benefits all customers using JavaScript on Fastly Compute.
Early Hints for Compute
Early Hints (HTTP 103) for Compute gives developers a new way to programmatically improve performance and the user experience. By sending hints as soon as a request arrives at the edge, the browser can begin downloading essential resources — such as stylesheets, fonts, and JavaScript files — in parallel with application processing, minimizing idle time and accelerating page loads. This feature serves e-commerce teams looking to drive revenue via faster page loads, media and publishing organizations seeking to boost engagement and SEO, and gaming companies delivering low-latency experiences..
Bucket Management & On-Demand Migration for Object Storage
Fastly has launched two new capabilities for Object Storage. On-Demand Migration allows customers to specify an alternate source when an object is requested — if Fastly Object Storage does not have the object, it responds with the object from the alternate source and simultaneously copies it for future requests. Bucket Management in the Fastly management UI simplifies the creation and viewing of buckets directly in the UI without relying on command-line tools or external S3 clients.
Better Debugging & Shielding Support for JS Compute
Fastly has released two important updates for JavaScript Compute customers. JavaScript SDK 3.37 brings improved debugging with source-mapped stack traces and intermediate file dumps, allowing developers to pinpoint the exact file and line causing an error mapped back to TypeScript or JavaScript. Additionally, Shielding — which reduces origin traffic by forcing all origin requests through a designated PoP — is now available for JavaScript, in addition to Rust and Go.
Observability
Service Summary Enhancements
The Service Summary page has been updated with several improvements to make monitoring and managing services faster and more intuitive. Updates include new and expanded Service Cards showing Production, Staging, and Draft versions, a direct link to Observe from Service Stats for quick access to deeper insights, and expanded filtering options in Event Logs. These enhancements are available to all Fastly customers using the control panel and provide quicker access to deeper insights while helping users find relevant information more efficiently.
Domain Inspector for Compute Services
Domain Inspector is now available for Compute services. It empowers users to monitor every domain response, byte, status code, and bandwidth without needing to send log data to a third-party collector. This launch delivers granular, real-time domain visibility, simplified data pipelines by eliminating the need for external log collectors, real-time and historical data for troubleshooting, measurable ROI through quantifiable infrastructure and egress cost savings, and multi-CDN visibility for domains delivered through multiple CDNs.
Custom Dashboards & Alerts — Ungated for All Customers
Custom Dashboards and Alerts are now available by default to all Fastly customers without requiring the purchase of an Observability package. Custom dashboards empower users to bring all the metrics they care about into a single view, while Alerts notify users when system behavior deviates from expected thresholds.