--- title: Application performance Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) Application performance ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) Jun 16, 2025 1. ### [Internal DNS (beta) now manageable in the Cloudflare dashboard](https://developers.cloudflare.com/changelog/post/2025-06-16-internal-dns-beta-ui/) [ DNS ](https://developers.cloudflare.com/dns/) Participating beta testers can now fully configure [Internal DNS](https://developers.cloudflare.com/dns/internal-dns/) directly in the [Cloudflare dashboard ↗](https://dash.cloudflare.com/?to=/:account/internal-dns). #### Internal DNS enables customers to: * Map internal hostnames to private IPs for services, devices, and applications not exposed to the public Internet * Resolve internal DNS queries securely through [Cloudflare Gateway](https://developers.cloudflare.com/cloudflare-one/traffic-policies/) * Use split-horizon DNS to return different responses based on network context * Consolidate internal and public DNS zones within a single management platform #### What’s new in this release: * Beta participants can now create and manage internal zones and views in the Cloudflare dashboard ![Internal DNS UI](https://developers.cloudflare.com/_astro/internal-dns-beta-ui.B5uCVZ9o_yVcqC.webp) Note The Internal DNS beta is currently only available to Enterprise customers. To learn more and get started, refer to the [Internal DNS documentation](https://developers.cloudflare.com/dns/internal-dns/). Jun 11, 2025 1. ### [NSEC3 support for DNSSEC](https://developers.cloudflare.com/changelog/post/2025-06-11-nsec3-support/) [ DNS ](https://developers.cloudflare.com/dns/) Enterprise customers can now select NSEC3 as method for proof of non-existence on their zones. What's new: * **NSEC3 support for live-signed zones** – For both primary and secondary zones that are configured to be live-signed (also known as "on-the-fly signing"), NSEC3 can now be selected as proof of non-existence. * **NSEC3 support for pre-signed zones** – Secondary zones that are transferred to Cloudflare in a [pre-signed setup](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/#set-up-pre-signed-dnssec) now also support NSEC3 as proof of non-existence. For more information and how to enable NSEC3, refer to the [NSEC3 documentation](https://developers.cloudflare.com/dns/dnssec/enable-nsec3/). Jun 09, 2025 1. ### [More flexible fallback handling — Custom Errors now support fetching assets returned with 4xx or 5xx status codes](https://developers.cloudflare.com/changelog/post/2025-06-09-custom-errors-fetch-4xx-5xx-assets/) [ Rules ](https://developers.cloudflare.com/rules/) [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) can now fetch and store [assets](https://developers.cloudflare.com/rules/custom-errors/create-rules/#create-a-custom-error-asset-dashboard) and [error pages](https://developers.cloudflare.com/rules/custom-errors/#error-pages) from your origin even if they are served with a 4xx or 5xx HTTP status code — previously, only 200 OK responses were allowed. **What’s new:** * You can now upload error pages and error assets that return error status codes (for example, 403, 500, 502, 503, 504) when fetched. * These assets are stored and minified at the edge, so they can be reused across multiple Custom Error rules without triggering requests to the origin. This is especially useful for retrieving error content or downtime banners from your backend when you can’t override the origin status code. Learn more in the [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) documentation. Jun 09, 2025 1. ### [Match Workers subrequests by upstream zone — cf.worker.upstream\_zone now supported in Transform Rules](https://developers.cloudflare.com/changelog/post/2025-06-09-transform-rule-subrequest-matching/) [ Rules ](https://developers.cloudflare.com/rules/) You can now use the [cf.worker.upstream\_zone](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.worker.upstream%5Fzone/) field in [Transform Rules](https://developers.cloudflare.com/rules/transform/) to control rule execution based on whether a request originates from [Workers](https://developers.cloudflare.com/workers/), including subrequests issued by Workers in other zones. ![Match Workers subrequests by upstream zone in Transform Rules](https://developers.cloudflare.com/_astro/transform-rule-subrequest-matching.BeUBEN67_wWefn.webp) **What's new:** * `cf.worker.upstream_zone` is now supported in Transform Rules expressions. * Skip or apply logic conditionally when handling [Workers subrequests](https://developers.cloudflare.com/workers/platform/limits/#subrequests). For example, to add a header when the subrequest comes from another zone: Text in **Expression Editor** (replace `myappexample.com` with your domain): ``` (cf.worker.upstream_zone != "" and cf.worker.upstream_zone != "myappexample.com") ``` Selected operation under **Modify request header**: _Set static_ **Header name**: `X-External-Workers-Subrequest` **Value**: `1` This gives you more granular control in how you handle incoming requests for your zone. Learn more in the [Transform Rules](https://developers.cloudflare.com/rules/transform/) documentation and [Rules language fields](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/) reference. Jun 04, 2025 1. ### [New Account-Level Load Balancing UI and Private Load Balancers](https://developers.cloudflare.com/changelog/post/2025-06-04-account-load-balancing-ui/) [ Load Balancing ](https://developers.cloudflare.com/load-balancing/) We've made two large changes to load balancing: * Redesigned the user interface, now centralized at the **account level**. * Introduced [**Private Load Balancers**](https://developers.cloudflare.com/load-balancing/private-network/) to the UI, enabling you to manage traffic for all of your external and internal applications in a single spot. This update streamlines how you manage load balancers across multiple zones and extends robust traffic management to your private network infrastructure. ![Load Balancing UI](https://developers.cloudflare.com/_astro/account-load-balancing-ui.CoCi7gPb_Z2rDoCY.webp) **Key Enhancements:** * **Account-Level UI Consolidation:** * **Unified Management:** Say goodbye to navigating individual zones for load balancing tasks. You can now view, configure, and monitor all your load balancers across every zone in your account from a single, intuitive interface at the account level. * **Improved Efficiency:** This centralized approach provides a more streamlined workflow, making it faster and easier to manage both your public-facing and internal traffic distribution. * **Private Network Load Balancing:** * **Secure Internal Application Access:** Create [**Private Load Balancers**](https://developers.cloudflare.com/load-balancing/private-network/) to distribute traffic to applications hosted within your private network, ensuring they are not exposed to the public Internet. * **WARP & Magic WAN Integration:** Effortlessly direct internal traffic from users connected via Cloudflare WARP or through your Magic WAN infrastructure to the appropriate internal endpoint pools. * **Enhanced Security for Internal Resources:** Combine reliable Load Balancing with Zero Trust access controls to ensure your internal services are both performant and only accessible by verified users. ![Private Load Balancers](https://developers.cloudflare.com/_astro/private-load-balancer.yti20m_p_q5zIk.webp) Jun 03, 2025 1. ### [Improved onboarding for Shopify merchants](https://developers.cloudflare.com/changelog/post/2025-06-03-shopify-o2o-improvements/) [ DNS ](https://developers.cloudflare.com/dns/) Shopify merchants can now onboard to **O2O** automatically, without needing to contact support or community members. What's new: * **Automatic enablement** – O2O is available for all mutual Cloudflare and Shopify customers. * **Branded record display** – Merchants see a Shopify logo in DNS records, complete with helpful tooltips. ![Shopify O2O logo](https://developers.cloudflare.com/_astro/shop-dns-icon-o2o.Ca5DAZHL_1weoif.webp) * **Checkout protection** – Workers and Snippets are blocked from running on the checkout path to reduce risk and improve security. For more information, refer to the [provider guide](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/shopify/). May 30, 2025 1. ### [Fine-tune image optimization — WebP now supported in Configuration Rules](https://developers.cloudflare.com/changelog/post/2025-05-30-configuration-rules-webp/) [ Rules ](https://developers.cloudflare.com/rules/) You can now enable [Polish](https://developers.cloudflare.com/images/polish/activate-polish/) with the `webp` format directly in [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/), allowing you to optimize image delivery for specific routes, user agents, or A/B tests — without applying changes zone-wide. **What’s new:** * [WebP](https://developers.cloudflare.com/images/polish/compression/#webp) is now a supported [value](https://developers.cloudflare.com/rules/configuration-rules/settings/#polish) in the **Polish** setting for Configuration Rules. This gives you more precise control over how images are compressed and delivered, whether you're targeting modern browsers, running experiments, or tailoring performance by geography or device type. Learn more in the [Polish](https://developers.cloudflare.com/images/polish/) and [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/) documentation. May 27, 2025 1. ### [Increased limits for Cloudflare for SaaS and Secrets Store free and Pay-as-you-go plans](https://developers.cloudflare.com/changelog/post/2025-05-19-paygo-updates/) [ SSL/TLS ](https://developers.cloudflare.com/ssl/)[ Cloudflare for SaaS ](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/)[ Secrets Store ](https://developers.cloudflare.com/secrets-store/) With upgraded limits to [all free and paid plans ↗](https://www.cloudflare.com/plans/), you can now scale more easily with [Cloudflare for SaaS ↗](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/) and [Secrets Store ↗](https://developers.cloudflare.com/secrets-store/). [Cloudflare for SaaS ↗](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/) allows you to extend the benefits of Cloudflare to your customers via their own custom or vanity domains. Now, the [limit for custom hostnames ↗](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/plans/) on a Cloudflare for SaaS Pay-as-you-go plan has been **raised from 5,000 custom hostnames to 50,000 custom hostnames.** With custom origin server -- previously an enterprise-only feature -- you can route traffic from one or more custom hostnames somewhere other than your default proxy fallback. [Custom origin server ↗](https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/custom-origin/) is now available to Cloudflare for SaaS customers on Free, Pro, and Business plans. You can enable custom origin server on a per-custom hostname basis [via the API ↗](https://developers.cloudflare.com/api/resources/custom%5Fhostnames/methods/edit/) or the UI: ![Import repo or choose template](https://developers.cloudflare.com/_astro/custom-origin-server.B-BXcG-1_ZUd9i6.webp) Currently [in beta with a Workers integration ↗](https://blog.cloudflare.com/secrets-store-beta/), [Cloudflare Secrets Store ↗](https://developers.cloudflare.com/secrets-store/) allows you to store, manage, and deploy account level secrets from a secure, centralized platform your [Cloudflare Workers ↗](https://developers.cloudflare.com/workers/). Now, you can create and deploy **100 secrets per account**. Try it out [in the dashboard ↗](http://dash.cloudflare.com/?to=/:account/secrets-store), with [Wrangler ↗](https://developers.cloudflare.com/secrets-store/integrations/workers/), or [via the API ↗](https://developers.cloudflare.com/api/resources/secrets%5Fstore/) today. May 09, 2025 1. ### [More ways to match — Snippets now support Custom Lists, Bot Score, and WAF Attack Score](https://developers.cloudflare.com/changelog/post/2025-05-09-snippets-cloud-connector-lists-waf-bot-scores/) [ Rules ](https://developers.cloudflare.com/rules/) You can now use IP, Autonomous System (AS), and Hostname [custom lists](https://developers.cloudflare.com/waf/tools/lists/custom-lists/) to route traffic to [Snippets](https://developers.cloudflare.com/rules/snippets/) and [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/), giving you greater precision and control over how you match and process requests at the edge. In Snippets, you can now also match on [Bot Score](https://developers.cloudflare.com/bots/concepts/bot-score/) and [WAF Attack Score](https://developers.cloudflare.com/waf/detections/attack-score/), unlocking smarter edge logic for everything from request filtering and mitigation to [tarpitting](https://developers.cloudflare.com/rules/snippets/examples/slow-suspicious-requests/) and logging. **What’s new:** * [Custom lists](https://developers.cloudflare.com/waf/tools/lists/custom-lists/) matching – Snippets and Cloud Connector now support user-created IP, AS, and Hostname lists via dashboard or [Lists API](https://developers.cloudflare.com/api/resources/rules/subresources/lists/methods/list/). Great for shared logic across zones. * [Bot Score](https://developers.cloudflare.com/bots/concepts/bot-score/) and [WAF Attack Score](https://developers.cloudflare.com/waf/detections/attack-score/) – Use Cloudflare’s intelligent traffic signals to detect bots or attacks and take advanced, tailored actions with just a few lines of code. ![New fields in Snippets](https://developers.cloudflare.com/_astro/snippets-lists-scores.D05l6zgc_ZG4Rof.webp) These enhancements unlock new possibilities for building smarter traffic workflows with minimal code and maximum efficiency. Learn more in the [Snippets](https://developers.cloudflare.com/rules/snippets/) and [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/) documentation. May 06, 2025 1. ### [UDP and ICMP Monitor Support for Private Load Balancing Endpoints](https://developers.cloudflare.com/changelog/post/2025-05-06-private-health-monitoring-methods/) [ Load Balancing ](https://developers.cloudflare.com/load-balancing/) Cloudflare Load Balancing now supports **UDP (Layer 4)** and **ICMP (Layer 3)** health monitors for **private endpoints**. This makes it simple to track the health and availability of internal services that don’t respond to HTTP, TCP, or other protocol probes. #### What you can do: * Set up **ICMP ping monitors** to check if your private endpoints are reachable. * Use **UDP monitors** for lightweight health checks on non-TCP workloads, such as DNS, VoIP, or custom UDP-based services. * Gain better visibility and uptime guarantees for services running behind **Private Network Load Balancing**, without requiring public IP addresses. This enhancement is ideal for internal applications that rely on low-level protocols, especially when used in conjunction with [**Cloudflare Tunnel**](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/), [**WARP**](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/), and [**Magic WAN**](https://developers.cloudflare.com/cloudflare-wan/) to create a secure and observable private network. Learn more about [Private Network Load Balancing](https://developers.cloudflare.com/load-balancing/private-network/) or view the full list of [supported health monitor protocols](https://developers.cloudflare.com/load-balancing/monitors/#supported-protocols). Apr 24, 2025 1. ### [Custom Errors are now Generally Available](https://developers.cloudflare.com/changelog/post/2025-04-24-custom-errors-ga/) [ Rules ](https://developers.cloudflare.com/rules/) [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) are now generally available for all paid plans — bringing a unified and powerful experience for customizing error responses at both the zone and account levels. You can now manage **Custom Error Rules**, **Custom Error Assets**, and redesigned **Error Pages** directly from the Cloudflare dashboard. These features let you deliver tailored messaging when errors occur, helping you maintain brand consistency and improve user experience — whether it’s a 404 from your origin or a security challenge from Cloudflare. What's new: * **Custom Errors are now GA** – Available on all paid plans and ready for production traffic. * **UI for Custom Error Rules and Assets** – Manage your zone-level rules from the Rules > Overview and your zone-level assets from the Rules > Settings tabs. * **Define inline content or upload assets** – Create custom responses directly in the rule builder, upload new or reuse previously stored assets. * **Refreshed UI and new name for Error Pages** – Formerly known as “Custom Pages,” Error Pages now offer a cleaner, more intuitive experience for both zone and account-level configurations. * **Powered by Ruleset Engine** – Custom Error Rules support [conditional logic](https://developers.cloudflare.com/ruleset-engine/rules-language/) and override Error Pages for 500 and 1000 class errors, as well as errors originating from your origin or [other Cloudflare products](https://developers.cloudflare.com/ruleset-engine/reference/phases-list/). You can also configure [Response Header Transform Rules](https://developers.cloudflare.com/rules/transform/response-header-modification/) to add, change, or remove HTTP headers from responses returned by Custom Error Rules. Learn more in the [Custom Errors documentation](https://developers.cloudflare.com/rules/custom-errors/). Apr 09, 2025 1. ### [Cloudflare Snippets are now Generally Available](https://developers.cloudflare.com/changelog/post/2025-04-09-snippets-ga/) [ Rules ](https://developers.cloudflare.com/rules/) ![Cloudflare Snippets are now GA](https://developers.cloudflare.com/_astro/snippets-ga.BJr3csvv_Z2q49jT.webp) [Cloudflare Snippets](https://developers.cloudflare.com/rules/snippets/) are now generally available at no extra cost across all paid plans — giving you a fast, flexible way to programmatically control HTTP traffic using lightweight JavaScript. You can now use Snippets to modify HTTP requests and responses with confidence, reliability, and scale. Snippets are production-ready and deeply integrated with Cloudflare Rules, making them ideal for everything from quick dynamic header rewrites to advanced routing logic. What's new: * **Snippets are now GA** – Available at no extra cost on all Pro, Business, and Enterprise plans. * **Ready for production** – Snippets deliver a production-grade experience built for scale. * **Part of the Cloudflare Rules platform** – Snippets inherit request modifications from other Cloudflare products and support sequential execution, allowing you to run multiple Snippets on the same request and apply custom modifications step by step. * **Trace integration** – Use [Cloudflare Trace](https://developers.cloudflare.com/rules/trace-request/) to see which Snippets were triggered on a request — helping you understand traffic flow and debug more effectively. ![Snippets shown in Cloudflare Trace results](https://developers.cloudflare.com/_astro/snippets-ga-trace.WlCshaFo_1WNo07.webp) Learn more in the [launch blog post ↗](https://blog.cloudflare.com/snippets/). Apr 09, 2025 1. ### [Cloudflare Secrets Store now available in Beta](https://developers.cloudflare.com/changelog/post/2025-04-09-secrets-store-beta/) [ Secrets Store ](https://developers.cloudflare.com/secrets-store/)[ SSL/TLS ](https://developers.cloudflare.com/ssl/) Cloudflare Secrets Store is available today in Beta. You can now store, manage, and deploy account level secrets from a secure, centralized platform to your Workers. ![Import repo or choose template](https://developers.cloudflare.com/_astro/secrets-store-landing-page.BQoEWsq8_ZUrGq1.webp) To spin up your Cloudflare Secrets Store, simply click the new Secrets Store tab [in the dashboard ↗](http://dash.cloudflare.com/?to=/:account/secrets-store) or use this Wrangler command: Terminal window ``` wrangler secrets-store store create --remote ``` The following are supported in the Secrets Store beta: * Secrets Store UI & API: create your store & create, duplicate, update, scope, and delete a secret * Workers UI: bind a new or existing account level secret to a Worker and deploy in code * Wrangler: create your store & create, duplicate, update, scope, and delete a secret * Account Management UI & API: assign Secrets Store permissions roles & view audit logs for actions taken in Secrets Store core platform For instructions on how to get started, visit our [developer documentation](https://developers.cloudflare.com/secrets-store/). Apr 04, 2025 1. ### [Workers Fetch API can override Cache Rules](https://developers.cloudflare.com/changelog/post/2025-04-04-workers-fetch-api-override-cache-rules/) [ Cache / CDN ](https://developers.cloudflare.com/cache/) You can now programmatically override Cache Rules using the `cf` object in the `fetch()` command. This feature gives you fine-grained control over caching behavior on a per-request basis, allowing Workers to customize cache settings dynamically based on request properties, user context, or business logic. #### How it works Using the `cf` object in `fetch()`, you can override specific Cache Rules settings by: 1. **Setting custom cache options**: Pass cache properties in the `cf` object as the second argument to `fetch()` to override default Cache Rules. 2. **Dynamic cache control**: Apply different caching strategies based on request headers, cookies, or other runtime conditions. 3. **Per-request customization**: Bypass or modify Cache Rules for individual requests while maintaining default behavior for others. 4. **Programmatic cache management**: Implement complex caching logic that adapts to your application's needs. #### What can be configured Workers can override the following Cache Rules settings through the `cf` object: * **`cacheEverything`**: Treat all content as static and cache all file types beyond the default cached content. * **`cacheTtl`**: Set custom time-to-live values in seconds for cached content at the edge, regardless of origin headers. * **`cacheTtlByStatus`**: Set different TTLs based on the response status code (for example, `{ "200-299": 86400, 404: 1, "500-599": 0 }`). * **`cacheKey`**: Customize cache keys to control which requests are treated as the same for caching purposes (Enterprise only). * **`cacheTags`**: Append additional cache tags for targeted cache purging operations. #### Benefits * **Enhanced flexibility**: Customize cache behavior without modifying zone-level Cache Rules. * **Dynamic optimization**: Adjust caching strategies in real-time based on request context. * **Simplified configuration**: Reduce the number of Cache Rules needed by handling edge cases programmatically. * **Improved performance**: Fine-tune cache behavior for specific use cases to maximize hit rates. #### Get started To get started, refer to the [Workers Fetch API documentation](https://developers.cloudflare.com/workers/runtime-apis/fetch/) and the [cf object properties documentation](https://developers.cloudflare.com/workers/runtime-apis/request/#the-cf-property-requestinitcfproperties). Apr 03, 2025 1. ### [All cache purge methods now available for all plans](https://developers.cloudflare.com/changelog/post/2025-04-01-purge-for-all/) [ Cache / CDN ](https://developers.cloudflare.com/cache/) You can now access all Cloudflare cache purge methods — no matter which plan you’re on. Whether you need to update a single asset or instantly invalidate large portions of your site’s content, you now have the same powerful tools previously reserved for Enterprise customers. **Anyone on Cloudflare can now:** 1. [Purge Everything](https://developers.cloudflare.com/cache/how-to/purge-cache/purge-everything/): Clears all cached content associated with a website. 2. [Purge by Prefix](https://developers.cloudflare.com/cache/how-to/purge-cache/purge%5Fby%5Fprefix/): Targets URLs sharing a common prefix. 3. [Purge by Hostname](https://developers.cloudflare.com/cache/how-to/purge-cache/purge-by-hostname/): Invalidates content by specific hostnames. 4. [Purge by URL (single-file purge)](https://developers.cloudflare.com/cache/how-to/purge-cache/purge-by-single-file/): Precisely targets individual URLs. 5. [Purge by Tag](https://developers.cloudflare.com/cache/how-to/purge-cache/purge-by-tags/): Uses Cache-Tag response headers to invalidate grouped assets, offering flexibility for complex cache management scenarios. Want to learn how each purge method works, when to use them, or what limits apply to your plan? Dive into our [purge cache documentation](https://developers.cloudflare.com/cache/how-to/purge-cache/) and [API reference ↗](https://developers.cloudflare.com/api/resources/cache/methods/purge/) for all the details. Feb 24, 2025 1. ### [Zaraz moves to the “Tag Management” category in the Cloudflare dashboard](https://developers.cloudflare.com/changelog/post/2025-02-24-zaraz-dash-placement/) [ Zaraz ](https://developers.cloudflare.com/zaraz/) ![Zaraz at zone level to Tag management at account level](https://developers.cloudflare.com/_astro/zaraz-account-level.L5Bz9oN0_151oOs.webp) Previously, you could only configure Zaraz by going to each individual zone under your Cloudflare account. Now, if you’d like to get started with Zaraz or manage your existing configuration, you can navigate to the [Tag Management ↗](https://dash.cloudflare.com/?to=/:account/tag-management/zaraz) section on the Cloudflare dashboard – this will make it easier to compare and configure the same settings across multiple zones. These changes will not alter any existing configuration or entitlements for zones you already have Zaraz enabled on. If you’d like to edit existing configurations, you can go to the [Tag Setup ↗](https://dash.cloudflare.com/?to=/:account/tag-management/zaraz) section of the dashboard, and select the zone you'd like to edit. Feb 14, 2025 1. ### [Upload a certificate bundle with an RSA and ECDSA certificate per custom hostname](https://developers.cloudflare.com/changelog/post/2025-02-14-cert-bundling-for-custom-hostnames/) [ SSL/TLS ](https://developers.cloudflare.com/ssl/) Cloudflare has supported both RSA and ECDSA certificates across our platform for a number of years. Both certificates offer the same security, but ECDSA is more performant due to a smaller key size. However, RSA is more widely adopted and ensures compatibility with legacy clients. Instead of choosing between them, you may want both – that way, ECDSA is used when clients support it, but RSA is available if not. Now, you can upload both an RSA and ECDSA certificate on a custom hostname via the API. ``` curl -X POST https://api.cloudflare.com/client/v4/zones/$ZONE_ID/custom_hostnames \ -H 'Content-Type: application/json' \ -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \ -d '{ "hostname": "hostname", "ssl": { "custom_cert_bundle": [ { "custom_certificate": "RSA Cert", "custom_key": "RSA Key" }, { "custom_certificate": "ECDSA Cert", "custom_key": "ECDSA Key" } ], "bundle_method": "force", "wildcard": false, "settings": { "min_tls_version": "1.0" } } }’ ``` You can also: * [Upload](https://developers.cloudflare.com/api/resources/custom%5Fhostnames/methods/create/) an RSA or ECDSA certificate to a custom hostname with an existing ECDSA or RSA certificate, respectively. * [Replace](https://developers.cloudflare.com/api/resources/custom%5Fhostnames/subresources/certificate%5Fpack/subresources/certificates/methods/update/) the RSA or ECDSA certificate with a certificate of its same type. * [Delete](https://developers.cloudflare.com/api/resources/custom%5Fhostnames/subresources/certificate%5Fpack/subresources/certificates/methods/delete/) the RSA or ECDSA certificate (if the custom hostname has both an RSA and ECDSA uploaded). This feature is available for Business and Enterprise customers who have purchased custom certificates. Feb 12, 2025 1. ### [Configurable multiplexing HTTP/2 to Origin](https://developers.cloudflare.com/changelog/post/2025-02-12-configurable-multiplexing-http2-to-origin/) [ Cache / CDN ](https://developers.cloudflare.com/cache/) You can now configure HTTP/2 multiplexing settings for origin connections on Enterprise plans. This feature allows you to optimize how Cloudflare manages concurrent requests over HTTP/2 connections to your origin servers, improving cache efficiency and reducing connection overhead. #### How it works HTTP/2 multiplexing allows multiple requests to be sent over a single TCP connection. With this configuration option, you can: 1. **Control concurrent streams**: Adjust the maximum number of concurrent streams per connection. 2. **Optimize connection reuse**: Fine-tune connection pooling behavior for your origin infrastructure. 3. **Reduce connection overhead**: Minimize the number of TCP connections required between Cloudflare and your origin. 4. **Improve cache performance**: Better connection management can enhance cache fetch efficiency. #### Benefits * **Customizable performance**: Tailor multiplexing settings to your origin's capabilities. * **Reduced latency**: Fewer connection handshakes improve response times. * **Lower origin load**: More efficient connection usage reduces server resource consumption. * **Enhanced scalability**: Better connection management supports higher traffic volumes. #### Get started Enterprise customers can configure HTTP/2 multiplexing settings in the [Cloudflare Dashboard ↗](https://dash.cloudflare.com/) or through our [API](https://developers.cloudflare.com/api/). Important consideration This setting needs to be tuned carefully for your origin infrastructure. Setting the concurrent stream limit too high can negatively impact performance by saturating the shared TCP connection and overwhelming server processing capacity, leading to increased latency for individual requests. Feb 12, 2025 1. ### [Increased Cloudflare Rules limits](https://developers.cloudflare.com/changelog/post/2025-02-12-rules-upgraded-limits/) [ Rules ](https://developers.cloudflare.com/rules/) We have upgraded and streamlined [Cloudflare Rules](https://developers.cloudflare.com/rules/) limits across all plans, simplifying rule management and improving scalability for everyone. **New limits by product:** * [Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/) * Free: **20** → **10,000** URL redirects across lists * Pro: **500** → **25,000** URL redirects across lists * Business: **500** → **50,000** URL redirects across lists * Enterprise: **10,000** → **1,000,000** URL redirects across lists * [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/) * Free: **5** → **10** connectors * Enterprise: **125** → **300** connectors * [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) * Pro: **5** → **25** error assets and rules * Business: **20** → **50** error assets and rules * Enterprise: **50** → **300** error assets and rules * [Snippets](https://developers.cloudflare.com/rules/snippets/) * Pro: **10** → **25** code snippets and rules * Business: **25** → **50** code snippets and rules * Enterprise: **50** → **300** code snippets and rules * [Cache Rules](https://developers.cloudflare.com/cache/how-to/cache-rules/), [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/), [Compression Rules](https://developers.cloudflare.com/rules/compression-rules/), [Origin Rules](https://developers.cloudflare.com/rules/origin-rules/), [Single Redirects](https://developers.cloudflare.com/rules/url-forwarding/single-redirects/), and [Transform Rules](https://developers.cloudflare.com/rules/transform/) * Enterprise: **125** → **300** rules Gradual rollout Limits are updated gradually. Some customers may still see previous limits until the rollout is fully completed in the first half of 2025. Feb 11, 2025 1. ### [Custom Errors (beta): Stored Assets & Account-level Rules](https://developers.cloudflare.com/changelog/post/2025-02-11-custom-errors-beta/) [ Rules ](https://developers.cloudflare.com/rules/) We're introducing [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) (beta), which builds on our existing Custom Error Responses feature with new asset storage capabilities. This update allows you to store externally hosted error pages on Cloudflare and reference them in custom error rules, eliminating the need to supply inline content. This brings the following new capabilities: * **Custom error assets** – Fetch and store external error pages at the edge for use in error responses. * **Account-Level custom errors** – Define error handling rules and assets at the account level for consistency across multiple zones. Zone-level rules take precedence over account-level ones, and assets are not shared between levels. You can use Cloudflare API to upload your existing assets for use with Custom Errors: Terminal window ``` curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_pages/assets" \ --header "Authorization: Bearer " \ --header 'Content-Type: application/json' \ --data '{ "name": "maintenance", "description": "Maintenance template page", "url": "https://example.com/" }' ``` You can then reference the stored asset in a Custom Error rule: Terminal window ``` curl --request PUT \ "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_custom_errors/entrypoint" \ --header "Authorization: Bearer " \ --header 'Content-Type: application/json' \ --data '{ "rules": [ { "action": "serve_error", "action_parameters": { "asset_name": "maintenance", "content_type": "text/html", "status_code": 503 }, "enabled": true, "expression": "http.request.uri.path contains \"error\"" } ] }' ``` Feb 04, 2025 1. ### [Fight CSAM More Easily Than Ever](https://developers.cloudflare.com/changelog/post/2025-02-04-easier-onboarding-for-csam-scanning-tool/) [ Cache / CDN ](https://developers.cloudflare.com/cache/) You can now implement our **child safety tooling**, the **[CSAM Scanning Tool](https://developers.cloudflare.com/cache/reference/csam-scanning/)**, more easily. Instead of requiring external reporting credentials, you only need a verified email address for notifications to onboard. This change makes the tool more accessible to a wider range of customers. **How It Works** When enabled, the tool automatically [hashes images for enabled websites as they enter the Cloudflare cache ↗](https://blog.cloudflare.com/the-csam-scanning-tool/). These hashes are then checked against a database of **known abusive images**. * **Potential match detected?** * The **content URL is blocked**, and * **Cloudflare will notify you** about the found matches via the provided email address. **Updated Service-Specific Terms** We have also made updates to our **[Service-Specific Terms ↗](https://www.cloudflare.com/service-specific-terms-application-services/#csam-scanning-tool-terms)** to reflect these changes. Feb 02, 2025 1. ### [Removed unused meta fields from DNS records](https://developers.cloudflare.com/changelog/post/2025-02-02-removed-meta-fields/) [ DNS ](https://developers.cloudflare.com/dns/) Cloudflare is removing five fields from the `meta` object of DNS records. These fields have been unused for more than a year and are no longer set on new records. This change may take up to four weeks to fully roll out. The affected fields are: * the `auto_added` boolean * the `managed_by_apps` boolean and corresponding `apps_install_id` * the `managed_by_argo_tunnel` boolean and corresponding `argo_tunnel_id` An example record returned from the API would now look like the following: Updated API Response ``` { "result": { "id": "", "zone_id": "", "zone_name": "example.com", "name": "www.example.com", "type": "A", "content": "192.0.2.1", "proxiable": true, "proxied": false, "ttl": 1, "locked": false, "meta": { "auto_added": false, "managed_by_apps": false, "managed_by_argo_tunnel": false, "source": "primary" }, "comment": null, "tags": [], "created_on": "2025-03-17T20:37:05.368097Z", "modified_on": "2025-03-17T20:37:05.368097Z" }, "success": true, "errors": [], "messages": [] } ``` For more guidance, refer to [Manage DNS records](https://developers.cloudflare.com/dns/manage-dns-records/). Jan 29, 2025 1. ### [New Snippets Code Editor](https://developers.cloudflare.com/changelog/post/2025-01-29-snippets-code-editor/) [ Rules ](https://developers.cloudflare.com/rules/) The new [Snippets](https://developers.cloudflare.com/rules/snippets/) code editor lets you edit Snippet code and rule in one place, making it easier to test and deploy changes without switching between pages. ![New Snippets code editor](https://developers.cloudflare.com/_astro/snippets-new-editor.CaoIu2_-_Z2rsmyM.webp) What’s new: * **Single-page editing for code and rule** – No need to jump between screens. * **Auto-complete & syntax highlighting** – Get suggestions and avoid mistakes. * **Code formatting & refactoring** – Write cleaner, more readable code. Try it now in [Rules > Snippets ↗](https://dash.cloudflare.com/?to=/:account/:zone/rules/snippets). Jan 09, 2025 1. ### [New Rules Overview Interface](https://developers.cloudflare.com/changelog/post/2025-01-09-rules-overview/) [ Rules ](https://developers.cloudflare.com/rules/) **Rules Overview** gives you a single page to manage all your [Cloudflare Rules](https://developers.cloudflare.com/rules/). What you can do: * **See all your rules in one place** – No more clicking around. * **Find rules faster** – Search by name. * **Understand execution order** – See how rules run in sequence. * **Debug easily** – Use [Trace](https://developers.cloudflare.com/rules/trace-request/) without switching tabs. Check it out in [Rules > Overview ↗](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview). Jan 08, 2025 1. ### [Smart Tiered Cache optimizes Load Balancing Pools](https://developers.cloudflare.com/changelog/post/2025-01-08-smart-tiered-cache-for-load-balancing/) [ Cache / CDN ](https://developers.cloudflare.com/cache/) You can now achieve higher cache hit rates and reduce origin load when using [Load Balancing](https://developers.cloudflare.com/load-balancing/) with [Smart Tiered Cache](https://developers.cloudflare.com/cache/how-to/tiered-cache/). Cloudflare automatically selects a single, optimal tiered data center for all origins in your Load Balancing Pool. #### How it works When you use [Load Balancing](https://developers.cloudflare.com/load-balancing/) with [Smart Tiered Cache](https://developers.cloudflare.com/cache/how-to/tiered-cache/), Cloudflare analyzes performance metrics across your pool's origins and automatically selects the optimal Upper Tier data center for the entire pool. This means: * **Consistent cache location**: All origins in the pool share the same Upper Tier cache. * **Higher HIT rates**: Requests for the same content hit the cache more frequently. * **Reduced origin requests**: Fewer requests reach your origin servers. * **Improved performance**: Faster response times for cache HITs. #### Example workflow ``` Load Balancing Pool: api-pool ├── Origin 1: api-1.example.com ├── Origin 2: api-2.example.com └── Origin 3: api-3.example.com ↓ Selected Upper Tier: [Optimal data center based on pool performance] ``` #### Get started To get started, enable [Smart Tiered Cache](https://developers.cloudflare.com/cache/how-to/tiered-cache/) on your zone and configure your [Load Balancing Pool](https://developers.cloudflare.com/load-balancing/). [Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)