Cloudflare Docs
Rules
Rules
Edit this page on GitHub
Set theme to dark (⇧+D)

Configuration Rules settings

You can change the configuration settings described below in a configuration rule.

​​ Automatic HTTPS Rewrites

Enable or disable Automatic HTTPS Rewrites 1 for matching requests.

API information

API configuration property name: "automatic_https_rewrites" (boolean).

API configuration example
"action_parameters": {
"automatic_https_rewrites": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Auto Minify

Select which file extensions to minify automatically using Auto Minify 2.

API information

API configuration object name: "autominify" (object).

API configuration example
"action_parameters": {
"autominify": {
"html": true,
"css": true,
"js": false
}
}

Refer to Create a configuration rule via API for complete API examples.

​​ Browser Integrity Check

Enable or disable Browser Integrity Check 3 for matching requests.

API information

API configuration property name: "bic" (boolean).

API configuration example
"action_parameters": {
"bic": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Disable Apps

Disable all active Cloudflare Apps 4 for matching requests.

API information

API configuration property name: "disable_apps" (boolean).

API configuration example
"action_parameters": {
"disable_apps": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Disable Zaraz

Disable Cloudflare Zaraz 5 for matching requests.

API information

API configuration property name: "disable_zaraz" (boolean).

API configuration example
"action_parameters": {
"disable_zaraz": true
}

Refer to Create a configuration rule via API for complete API examples.

Enable or disable Hotlink Protection 6 for matching requests.

API information

API configuration property name: "hotlink_protection" (boolean).

API configuration example
"action_parameters": {
"hotlink_protection": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Email Obfuscation

Enable or disable Email Obfuscation 7 for matching requests.

API information

API configuration property name: "email_obfuscation" (boolean).

API configuration example
"action_parameters": {
"email_obfuscation": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Mirage

Enable or disable Mirage 8 for matching requests.

API information

API configuration property name: "mirage" (boolean).

API configuration example
"action_parameters": {
"mirage": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Opportunistic Encryption

Enable or disable Opportunistic Encryption 9 for matching requests.

API information

API configuration property name: "opportunistic_encryption" (boolean).

API configuration example
"action_parameters": {
"opportunistic_encryption": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Polish

Set Polish 10 compression options for matching requests.

API information

API configuration property name: "polish" (string).

API values: "off", "lossless", "lossy".

API configuration example
"action_parameters": {
"polish": "lossless"
}

Refer to Create a configuration rule via API for complete API examples.

​​ Rocket Loader

Enable or disable Rocket Loader 11 for matching requests.

API information

API configuration property name: "rocket_loader" (boolean).

API configuration example
"action_parameters": {
"rocket_loader": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Security Level

Select the Security Level 12 for matching requests.

API information

API configuration property name: "security_level" (string).

API values: "off", "essentially_off", "low", "medium", "high", "under_attack".

API configuration example
"action_parameters": {
"security_level": "low"
}

Refer to Create a configuration rule via API for complete API examples.

​​ Server Side Excludes

Enable or disable Server Side Excludes 13 for matching requests.

API information

API configuration property name: "server_side_excludes" (boolean).

API configuration example
"action_parameters": {
"server_side_excludes": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ SSL

Select the SSL/TLS encryption mode 14 for matching requests.

API information

API configuration property name: "ssl" (string).

API values: "off", "flexible", "full", "strict", "origin_pull".

API configuration example
"action_parameters": {
"ssl": "flexible"
}

Refer to Create a configuration rule via API for complete API examples.

​​ SXG

Enable or disable Signed Exchanges (SXG) 15 for matching requests.

API information

API configuration property name: "sxg" (boolean).

API configuration example
"action_parameters": {
"sxg": false
}

Refer to Create a configuration rule via API for complete API examples.


  1. Automatic HTTPS Rewrites prevents end users from seeing “mixed content” errors by rewriting URLs from http to https for resources or links on your website that can be served with HTTPS. ↩︎

  2. Auto Minify can remove all unnecessary characters from HTML, JavaScript, and CSS files. ↩︎

  3. Browser Integrity Check blocks access to pages based on specific HTTP headers commonly abused by spammers. ↩︎

  4. Cloudflare Apps is a platform for sharing high-quality apps that anyone with a website can use. ↩︎

  5. Zaraz gives you complete control over third-party tools and services for your website, and allows you to offload them to the Cloudflare global network. ↩︎

  6. Hotlink Protection prevents your images from being used by other sites, potentially reducing the bandwidth consumed by your origin server. ↩︎

  7. Email Obfuscation helps in spam prevention by hiding email addresses appearing in your pages from email harvesters and other bots, while remaining visible to your site visitors. ↩︎

  8. Mirage accelerates image delivery for your visitors based on their device. ↩︎

  9. Opportunistic Encryption allows browsers to access HTTP URIs over an encrypted TLS channel. ↩︎

  10. Cloudflare Polish is a one-click image optimization product that automatically optimizes images in your site. ↩︎

  11. Rocket Loader prioritizes your website’s content (such as text, images, and fonts) by deferring the loading of all your JavaScript code until after rendering. ↩︎

  12. The Security Level controls Managed Challenges for requests from low reputation IP addresses. ↩︎

  13. Server Side Excludes allow you to provide specific pieces of content to real website visitors while hiding that content from suspicious visitors. ↩︎

  14. Encryption modes control the scheme (http:// or https://) that Cloudflare uses to connect to your origin web server and how SSL certificates presented by your origin will be validated. ↩︎

  15. Signed exchanges (SXG) is an open standard that makes it possible to cryptographically authenticate the origin of a resource independently of how it is delivered. ↩︎