Skip to content
Cloudflare Docs
Docs DirectoryAPIsSDKs

DLP profiles

A DLP profile defines what sensitive data Cloudflare should detect in your traffic. Profiles can combine detection entries with Data Classification objects such as data classes, sensitivity levels, and data tags.

Cloudflare DLP provides predefined profiles for common sensitive data types such as credit card numbers and national identifiers. You can also build custom DLP profiles specific to your data, organization, and risk tolerance by using direct detection entries, data classes, and labels.

Configure a predefined profile

  1. In the Cloudflare dashboard, go to Zero Trust > Data loss prevention > Profiles.
  2. Choose a predefined profile and select Edit.
  3. Enable one or more Detection entries according to your preferences.
  4. Select Save profile.

Most predefined profiles match when any enabled detection entry matches. The Personally Identifiable Information (PII) Record profile is an exception and requires at least three unique detection entries in close proximity before the profile matches.

You can now use this profile in a DLP policy, CASB integration, or AI Gateway DLP policy.

Build a custom profile

  1. In the Cloudflare dashboard, go to Zero Trust > Data loss prevention > Profiles.

  2. Select Create profile.

  3. Enter a name and optional description for the profile.

  4. Add new or existing detection entries to the profile.

    Add a custom entry

    1. Select Add custom entry.

    2. Choose the type of detection entry you want to create and configure its values.

      For information on supported detection entry types, refer to Configure detection entries.

    3. To save the detection entry, select Done.

    Add existing entries

    Existing entries include predefined and user-defined detection entries that you manage from the Detection entries section.

    1. Select Add existing entries.
    2. Choose which entries you want to add, then select Confirm.
    3. To save the detection entry, select Done.

  5. (Optional) Add data classes to include reusable classification rules.

    1. Select Add data classes.
    2. Choose the data classes you want to add, then select Confirm.

  6. (Optional) Use labels as match criteria for the profile.

    • Select a sensitivity schema and minimum sensitivity level.
    • Select a data tag group and one or more data tags.

    For more information on labels, templates, and data classes, refer to Data Classification.

  7. (Optional) Configure profile settings for the profile.

  8. Select Save profile.

You can now use this profile in a DLP policy, CASB integration, or AI Gateway DLP policy.