Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Global rules

Cloudflare Zero Trust applies a set of global rules to all accounts.

Hostname* is used by client for registration. This policy ensures that customers cannot accidentally block themselves from making account changes.
Hostname*.assets.browser.runbypassDo not inspect or *
Hostname*.cloudflare-gateway.combypassEnsure we bypass requests to DNS endpoint
Hostname*.cloudflarestatus.combypassBypass so customers can reach the page in case of Gateway outage
Hostname*.net.cloudflare.combypassBypass * for Cloudflare’s network error logging feature cert pinning global bypass cert pinning global bypass
Hostnamegateway.icloud.combypassTemp cert pinning global bypass
Hostname*.edge.browser.runisolateAnything bound for * needs to go the isolation browser
Hostnamehelp.teams.cloudflare.comallowZero Trust client will use this to check if Gateway is on by inspecting cert. Also will check if certificate is properly installed on client machine
Request HeaderAccept: text/htmlnoisolateBrowsers issue an Accept: header that begins with text/html. Do not isolate if we don’t see such a header because this is not a browser