Custom Errors can now fetch and store assets and error pages from your origin even if they are served with a 4xx or 5xx HTTP status code — previously, only 200 OK responses were allowed.
What’s new:
This is especially useful for retrieving error content or downtime banners from your backend when you can’t override the origin status code.
Learn more in the Custom Errors documentation.
You can now use the cf.worker.upstream_zone field in Transform Rules to control rule execution based on whether a request originates from Workers, including subrequests issued by Workers in other zones.
What's new:
cf.worker.upstream_zone is now supported in Transform Rules expressions.For example, to add a header when the subrequest comes from another zone:
Text in Expression Editor (replace myappexample.com with your domain):
(cf.worker.upstream_zone != "" and cf.worker.upstream_zone != "myappexample.com")Selected operation under Modify request header: Set static
Header name: X-External-Workers-Subrequest
Value: 1
This gives you more granular control in how you handle incoming requests for your zone.
Learn more in the Transform Rules documentation and Rules language fields reference.
You can now enable Polish with the webp format directly in Configuration Rules, allowing you to optimize image delivery for specific routes, user agents, or A/B tests — without applying changes zone-wide.
What’s new:
This gives you more precise control over how images are compressed and delivered, whether you're targeting modern browsers, running experiments, or tailoring performance by geography or device type.
Learn more in the Polish and Configuration Rules documentation.
You can now use IP, Autonomous System (AS), and Hostname custom lists to route traffic to Snippets and Cloud Connector, giving you greater precision and control over how you match and process requests at the edge.
In Snippets, you can now also match on Bot Score and WAF Attack Score, unlocking smarter edge logic for everything from request filtering and mitigation to tarpitting and logging.
What’s new:
These enhancements unlock new possibilities for building smarter traffic workflows with minimal code and maximum efficiency.
Learn more in the Snippets and Cloud Connector documentation.
Custom Errors are now generally available for all paid plans — bringing a unified and powerful experience for customizing error responses at both the zone and account levels.
You can now manage Custom Error Rules, Custom Error Assets, and redesigned Error Pages directly from the Cloudflare dashboard. These features let you deliver tailored messaging when errors occur, helping you maintain brand consistency and improve user experience — whether it’s a 404 from your origin or a security challenge from Cloudflare.
What's new:
Learn more in the Custom Errors documentation.
Cloudflare Snippets are now generally available at no extra cost across all paid plans — giving you a fast, flexible way to programmatically control HTTP traffic using lightweight JavaScript.
You can now use Snippets to modify HTTP requests and responses with confidence, reliability, and scale. Snippets are production-ready and deeply integrated with Cloudflare Rules, making them ideal for everything from quick dynamic header rewrites to advanced routing logic.
What's new:
Snippets are now GA – Available at no extra cost on all Pro, Business, and Enterprise plans.
Ready for production – Snippets deliver a production-grade experience built for scale.
Part of the Cloudflare Rules platform – Snippets inherit request modifications from other Cloudflare products and support sequential execution, allowing you to run multiple Snippets on the same request and apply custom modifications step by step.
Trace integration – Use Cloudflare Trace to see which Snippets were triggered on a request — helping you understand traffic flow and debug more effectively.
Learn more in the launch blog post ↗.
We have upgraded and streamlined Cloudflare Rules limits across all plans, simplifying rule management and improving scalability for everyone.
New limits by product:
We're introducing Custom Errors (beta), which builds on our existing Custom Error Responses feature with new asset storage capabilities.
This update allows you to store externally hosted error pages on Cloudflare and reference them in custom error rules, eliminating the need to supply inline content.
This brings the following new capabilities:
You can use Cloudflare API to upload your existing assets for use with Custom Errors:
curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_pages/assets" \--header "Authorization: Bearer <API_TOKEN>" \--header 'Content-Type: application/json' \--data '{ "name": "maintenance", "description": "Maintenance template page", "url": "https://example.com/"}'You can then reference the stored asset in a Custom Error rule:
curl --request PUT \"https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_custom_errors/entrypoint" \--header "Authorization: Bearer <API_TOKEN>" \--header 'Content-Type: application/json' \--data '{ "rules": [ { "action": "serve_error", "action_parameters": { "asset_name": "maintenance", "content_type": "text/html", "status_code": 503 }, "enabled": true, "expression": "http.request.uri.path contains \"error\"" } ]}'The new Snippets code editor lets you edit Snippet code and rule in one place, making it easier to test and deploy changes without switching between pages.
What’s new:
Try it now in Rules > Snippets ↗.
Rules Overview gives you a single page to manage all your Cloudflare Rules.
What you can do:
Check it out in Rules > Overview ↗.
Now, you can manage Cloudflare Snippets with Terraform. Use infrastructure-as-code to deploy and update Snippet code and rules without manual changes in the dashboard.
Example Terraform configuration:
resource "cloudflare_snippet" "my_snippet" { zone_id = "<ZONE_ID>" name = "my_test_snippet_1" main_module = "file1.js" files { name = "file1.js" content = file("file1.js") }}
resource "cloudflare_snippet_rules" "cookie_snippet_rule" { zone_id = "<ZONE_ID>" rules { enabled = true expression = "http.cookie eq \"a=b\"" description = "Trigger snippet on specific cookie" snippet_name = "my_test_snippet_1" } depends_on = [cloudflare_snippet.my_snippet]}Learn more in the Configure Snippets using Terraform documentation.
Now, you can use Cloud Connector to route traffic to your R2 buckets based on URLs, headers, geolocation, and more.
Example setup:
curl --request PUT \"https://api.cloudflare.com/client/v4/zones/{zone_id}/cloud_connector/rules" \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '[ { "expression": "http.request.uri.path wildcard \"/images/*\"", "provider": "cloudflare_r2", "description": "Connect to R2 bucket containing images", "parameters": { "host": "mybucketcustomdomain.example.com" } }]'Get started using Cloud Connector documentation.
It’s now easy to create wildcard-based URL Rewrites. No need for complex functions—just define your patterns and go.
What’s improved:
Try it via creating a Rewrite URL rule in the dashboard.
Automatic DNS Validation for Cloudflare Rules
The Cloudflare dashboard now automatically validates DNS records ↗ and Cloudflare for SaaS custom hostnames ↗ for rules targeting specific hostnames or URLs. To prevent misconfigured rules and ensure smoother deployments, you will get proactive warnings for missing or misconfigured DNS records and custom hostnames.
Compression Rules available to all plans with Zstandard support
Compression Rules ↗ now support Zstandard compression and are available in all Cloudflare plans. Users in the Free plan will gradually get access throughout 2024.
Snippets now available in beta
Cloudflare Snippets ↗ have transitioned from alpha to beta.
wildcard_replace() function now supported in URL rewrites
You can now use the wildcard_replace() ↗ function in rewrite expressions of URL rewrites ↗.
New Rules Templates for one-click rule creation
The new Rules > Templates page in the Cloudflare dashboard allows you to create common rules with a single click, featuring dozens of pre-built templates. You can also access these templates directly from each product's rule builder. Also, explore the Examples gallery ↗ in the developer docs for real-world use cases and inspiration.
Simplified UI for Single Redirects with wildcard support
The simplified UI for Single Redirects ↗ is now available to all users, making URL redirects easier and more intuitive. This update builds on the recent wildcard support ↗ in Ruleset Engine products. Access the new UI under Rules > Redirect Rules. Learn more about wildcard support and our open-source Rust crate in the blog post ↗.
Cloud Connector now available to all customers
Cloud Connector (beta) is now available to all customers. For setup details, refer to the documentation ↗, explore examples ↗, and check out the blog post ↗.
Cloud Connector now available to all free customers
Cloud Connector (beta) is now available to all free and a subset of paid customers. This rollout will be gradually extended ↗ to all Cloudflare users, simplifying multi-cloud management and enhancing integration with Cloudflare's Connectivity Cloud. For more information, refer to the blog post ↗.
Cloudflare Snippets limits have been upgraded
Cloudflare Snippets (alpha) now allow multiple subrequests depending on your plan. For more information, refer to the Availability ↗.
Wildcard support added to Ruleset Engine products
Wildcards are now supported across our Ruleset Engine-based products, including Single Redirects, Cache Rules, Transform Rules, WAF, Waiting Room, and more:
wildcard and strict wildcard operators with any string field in the Ruleset Engine, such as full URI, host, headers, cookies, user-agent, and country. For more details, refer to Operators ↗ and Wildcard matching ↗.wildcard_replace() function allows you to use segments matched by the wildcard and strict wildcard operators in redirect URL targets. For more information, refer to Functions ↗.Cloudflare Snippets now available to all paid customers
Cloudflare Snippets (alpha) are now available to all paid customers.
Cloudflare Snippets now available to all Enterprise customers
Cloudflare Snippets (alpha) are now available to all Enterprise customers. Customers in other paid plans will gradually get access throughout 2024.
Page Rules migration
The Page Rules migration guide ↗ is now available for users interested in transitioning to modern Rules features instead of Page Rules. Explore the guide for detailed instructions on migrating your configurations.
New Configuration Rules setting for Web Analytics (RUM)
You can now turn off Cloudflare Web Analytics, also known as Real User Monitoring (RUM), for specific requests using a configuration rule.
New Configuration Rules setting for Cloudflare Fonts
You can now turn on or off Cloudflare Fonts for specific requests using a configuration rule.
New TLS fields in rule expressions
Customers can now use new fields cf.tls_client_hello_length (the length of the client hello message sent in a TLS handshake), cf.tls_client_random (the value of the 32-byte random value provided by the client in a TLS handshake), and cf.tls_client_extensions_sha1 (the SHA-1 fingerprint of TLS client extensions) in various products built on Ruleset Engine.
Origin Rules now allow port numbers in Host Header Override
Customers can now use arbitrary port numbers in Host Header Override in Origin Rules. Previously, only hostname was allowed as a value (for example, example.com). Now, you can set the value to hostname:port (for example, example.com:1234) as well.
