Predefined profiles
Cloudflare Zero Trust provides predefined DLP profiles for common types of sensitive data. Some profiles include built-in validation checks that increase detection accuracy. You can also configure advanced settings for predefined profiles.
DLP provides AI prompt protection with the following predefined profiles:
- AI Prompt: AI Security
- AI Prompt: Customer
- AI Prompt: Financial Information
- AI Prompt: PII
- AI Prompt: Technical
For more information on included detection entries, refer to AI prompt topics.
The following secrets are validated with regex.
- Amazon Web Services (AWS) keys
- Azure API keys
- Google Cloud Platform keys
- SSH keys
The following Cloudflare API credentials are validated algorithmically using a checksum. Only credentials generated after Cloudflare's token format update will be matched by these entries.
| Detection entry | Format |
|---|---|
| Cloudflare User API Key | cfk_ followed by 40 alphanumeric characters and an 8-character hex checksum |
| Cloudflare User API Token | cfut_ followed by 40 alphanumeric characters and an 8-character hex checksum |
| Cloudflare Account Owned API Token | cfat_ followed by 40 alphanumeric characters and an 8-character hex checksum |
Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. Card verification values (CVVs) are not validated.
In the table below, entries use one of three validation methods. Luhn's algorithm ↗ is a checksum formula used to verify credit card numbers. Entries validated "with checksum" use an arithmetic check specific to that number format. Entries validated "with regex" match a known text pattern without performing a mathematical check.
| Detection entry | Notes |
|---|---|
| American Express Card Number | Validated using Luhn's algorithm ↗. |
| American Express Text | Text matching amex or american express. |
| Diners Club Card Number | Validated using Luhn's algorithm. |
| Generic CVV Card Number | Validated with regex. |
| Mastercard Card Number | Validated using Luhn's algorithm. |
| Mastercard Text | Text matching mastercard. |
| Union Pay Card Number | Validated using Luhn's algorithm. |
| Union Pay Text | Text matching union pay. |
| Visa Card Number | Validated using Luhn's algorithm. |
| Visa Text | Text matching visa. |
| United States ABA Routing Number | Validated algorithmically with checksum. |
| IBAN | Validated with checksum. |
The Unsanitized HAR predefined profile detects HTTP Archive (HAR) files in traffic that have not been processed by Cloudflare's HAR sanitizer. HAR files frequently contain sensitive data such as session cookies, authorization headers, and other credentials.
| Detection entry | Notes |
|---|---|
| Unsanitized HAR file | Detects HAR files that do not carry a Cloudflare sanitized marker. Files processed by the Cloudflare HAR sanitizer and unmodified since will not match this entry. |
You can use this profile in a Gateway HTTP policy to block HAR file uploads or redirect users to https://har-sanitizer.pages.dev/ to sanitize the file before uploading. For more information, refer to common DLP policies.
The following diagnosis and medication names are checked for surrounding ASCII characters to prevent false positives.
- FDA active ingredients
- FDA drug names
- ICD-10 FY2023 short descriptions
The following national identifier detections are validated algorithmically when possible.
| Detection entry | Notes |
|---|---|
| United States SSN Numeric Detection | Matched values must include commonly used separators. For example, 000-00-0000 matches but 000000000 does not. Unlike credit card numbers, Social Security numbers have no built-in checksum, so DLP validates the format only. |
| Social Security Number Text | Text matching ssn or social security. |
| Australia Tax File Number | Validated with checksum. |
| Canada Social Insurance Number | Validated using Luhn's algorithm. |
| France Social Security Number | Validated with regex. |
| Hong Kong Identity Card (HKIC) Number | Validated with checksum. |
| Indonesia Identity Card Number | Validated with regex. |
| Malaysian National Identity Card Number | Validated with regex. |
| Philippines Unified Multi-Purpose ID (UMID) Number | Validated with regex. |
| Singapore National Registration Identity Card Number | Validated with checksum. |
| Taiwan National Identification Number | Validated with checksum. |
| Thai Identity Card Number | Validated with checksum. |
| United Kingdom NHS Number | Validated with checksum. |
| United Kingdom National Insurance Number | Validated with regex. |
The following programming languages are validated with natural language processing (NLP).
- C
- C++
- C#
- Go
- Haskell
- Java
- JavaScript
- Lua
- Python
- R
- Rust
- Swift