Cloudflare Trace limitations

Automatic rule bypasses

Trace does not display rules that are automatically bypassed for operational reasons.

For example, when SSL/TLS certificates are in pending_validation status, security rules are automatically disabled for domain control validation (DCV) paths like /.well-known/pki-validation/ and /.well-known/acme-challenge/. These bypasses will not appear in trace results.

For more information, refer to Why are some rules bypassed? in the WAF documentation.

---

Unsupported features

Trace currently does not support:

• Hostnames using Data Localization Suite
• Spectrum applications

Additionally, the following products will not appear in trace results:

• Firewall rules (deprecated)
• Load Balancing and Load Balancer Custom Rules
• IP Access rules
• Rate limiting rules (previous version)
• WAF managed rules (previous version)
• Page Shield policies