The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.
|0||Unknown||Take no other action|
|1||Allow||Bypass all subsequent WAF rules|
|2||Drop||Block with an HTTP 403 response|
|3||Challenge Allow||Issue a CAPTCHA challenge|
|5||Simulate||Take no action other than logging the event|
Deprecated fields for internal Cloudflare use
The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis: