Cloudflare Docs
Visit Cloudflare Fundamentals on GitHub
Set theme to dark (⇧+D)

Secure your website

Cloudflare offers several tools to protect your website against malicious traffic and bad actors.

Protection options

Default protection

As long as your traffic is proxied by Cloudflare , Cloudflare automatically protects your application from DDoS attacks.

Cloudflare also issues and renews free, unshared, publicly trusted SSL/TLS certificates to all Cloudflare domains.

One-click protection

For customers on a Pro plan or above, Cloudflare offers several Managed Rulesets as part of the Web Application Firewall (WAF).

All customers also have the options to adjust the following Security settings:

Protection with minimal setup

Based on additional knowledge about your website traffic and requirements, you can also:

Dedicated products

Cloudflare also offers dedicated products to increase the security of your website and underlying infrastructure:

  • API Shield : Protect your API from malicious traffic by enforcing schema validation, detecting abuse patterns, and more.
  • Magic Firewall : Use Cloudflare’s firewall-as-a-service (FWaaS) to protect office networks and cloud infrastructure with advanced, scalable protection.
  • Magic Transit : Delivers network functions at Cloudflare scale — DDoS protection, traffic acceleration, and much more from every Cloudflare data center — for on-premise, cloud-hosted, and hybrid networks.
  • Magic WAN : Securely connect any traffic source - data centers, offices, devices, cloud properties - to Cloudflare’s network and configure routing policies to get the bits where they need to go, all within one SaaS solution.
  • Page Shield : Monitor third-party scripts on your application and receive notifications when they have been compromised or are exhibiting malicious behavior.