A/B testing with same-URL direct access
Set up an A/B test by controlling what response is served based on cookies.
Snippets
Explore the following examples for Rules.
A/B testing with same-URL direct access
Set up an A/B test by controlling what response is served based on cookies.
Snippets
Add a request header with the current bot score
Create a request header modification rule (part of Transform Rules) to add a X-Bot-Score
HTTP header to the request with the current bot score.
Transform Rules
Add a response header with a static value
Create a response header modification rule (part of Transform Rules) to add a set-cookie
HTTP header to the response with a static value (cookiename=value
).
Transform Rules
Add HEX timestamp to a request header
Add a custom header to requests sent to the origin server with the current timestamp in hexadecimal format for debugging, tracking, or custom routing purposes.
Snippets
Add request header with a static value
Create a request header modification rule (part of Transform Rules) to add an X-Source
HTTP header to the request with a static value (Cloudflare
).
Transform Rules
Append dates to cookies to use with A/B testing
Dynamically set a cookie expiration and test group.
Snippets
Allow or deny a request based on a known pre-shared key in a header. This is not meant to replace the WebCrypto API.
Snippets
Browser Cache TTL
Cache Rules
Bulk redirect based on a map object
Redirect requests to certain URLs based on a mapped object to the request's URL.
Snippets
Bypass Cache on Cookie
Cache Rules
Cache by Device Type
Cache Rules
Cache Deception Armor
Cache Rules
Cache Everything while ignoring query strings
Cache Everything while ignoring query strings
Cache Rules
Cache Level (Cache Everything)
Cache Level (Cache Everything)
Cache Rules
Cache TTL by status code
Cache Rules
Change origin and modify paths
Route requests to a different origin, prepend a directory to the URL path, and remove specific segments.
Snippets
Change URI Path and Host Header
Learn how to adjust the URI path and Host
header for incoming requests. This example demonstrates using both Transform Rules and Origin Rules to achieve simultaneous modifications.
Transform Rules, Origin Rules
Redirect a response based on the country code in the header of a visitor.
Snippets
Store, retrieve, and remove assets from cache programmatically. Use this template to optimize performance and implement custom caching strategies.
Snippets
Custom Cache Key
Cache Rules
Send debugging information in an errored response to a logging service.
Snippets
Define a single configuration rule using Terraform
Create a configuration rule using Terraform to turn off Email Obfuscation and Browser Integrity Check for API requests in a given zone.
Configuration Rules
Define a single origin rule using Terraform
Create an origin rule using Terraform to override the Host
header, the resolved hostname, and the destination port of API requests.
Origin Rules
Adjust Cross-Origin Resource Sharing (CORS) headers and handle preflight requests.
Snippets
Create a compression rule to turn off Brotli compression for all incoming requests of a given zone.
Compression Rules
Disable compression for AVIF images
Create a compression rule to turn off compression for AVIF images, based on either the content type or the file extension specified in the request.
Compression Rules
Edge Cache TTL
Cache Rules
Enable Zstandard compression for default content types
Create a compression rule to turn on Zstandard compression for response content types where Cloudflare applies compression by default.
Compression Rules
Follow redirects from the origin
Modify the fetch request to follow redirects from the origin, ensuring the client receives the final response.
Snippets
Serve a custom maintenance page instead of fetching content from the origin server or cache. Ideal for downtime notifications, planned maintenance, or emergency messages.
Snippets
Origin Cache Control
Cache Rules
Override a Set-Cookie header with a certain value
Get a specific Set-Cookie
header and update it with a certain value.
Snippets
Create a redirect rule to redirect visitors using mobile devices to a different hostname.
Redirect Rules
Query String Sort
Cache Rules
Redirect 403 Forbidden to a different page
If origin responded with 403 Forbidden
error code, redirect to different page.
Snippets
Redirect admin area requests to HTTPS
Create a redirect rule to redirect requests for the administration area of store.example.com
to HTTPS, keeping the original path and query string.
Redirect Rules
Redirect from one domain to another
Redirect all requests from one domain to another domain.
Snippets
Create a redirect rule to forward HTTPS requests from the root (also known as the “apex” or “naked” domain) to the WWW subdomain.
Redirect Rules
Create a redirect rule to forward HTTPS requests from the WWW subdomain to the root (also known as the “apex” or “naked” domain).
Redirect Rules
Redirect local visitors to specific subdomains
Create a redirect rule to redirect United Kingdom and France visitors from the example.com
website's root path (/
) to their localized subdomains https://gb.example.com
and https://fr.example.com
, respectively.
Redirect Rules
Redirect requests for a domain to a new domain
Create a redirect rule to redirect all URLs for a domain to point to the root of a new domain, including any subdomains of the old domain.
Redirect Rules
Redirect requests from one country to a domain
Create a redirect rule to redirect all website visitors from the United Kingdom to a different domain, maintaining the current functionality in the same paths.
Redirect Rules
Redirect requests from one domain to another
Create a redirect rule to redirect all requests to a different domain, maintaining all functionality, except for the discontinued HTTP service (port 80).
Redirect Rules
Redirect requests to a different hostname
Create a redirect rule to redirect all requests for smallshop.example.com
to a different hostname using HTTPS, keeping the original path and query string.
Redirect Rules
Redirect visitors to a new page URL
Create a redirect rule to redirect visitors from /contact-us/
to the page's new path /contacts/
.
Redirect Rules
Create a request header modification rule (part of Transform Rules) to remove the cf-connecting-ip
HTTP header from the request.
Transform Rules
Create a response header modification rule (part of Transform Rules) to remove the cf-connecting-ip
HTTP header from the response.
Transform Rules
Remove fields from API response
If origin responds with JSON
, parse the response and delete fields to return a modified response.
Snippets
Create a redirect rule to redirect visitors from an old URL format with locale information to a new URL format.
Redirect Rules
Remove query strings before sending request to origin
Remove certain query strings from a request before passing to the origin.
Snippets
Remove from response all headers that start with a certain name.
Snippets
Respect Strong ETags
Cache Rules
Return information about the incoming request
Respond with information about the incoming request provided by Cloudflare’s global network.
Snippets
Create a transform rule to rewrite the URL format /posts/<YYYY>-<MM>-<DD>-<TITLE>
to the new format /posts/<YYYY>/<MM>/<DD>/<TITLE>
.
Transform Rules
Rewrite image paths with several URL segments
Create a rewrite URL rule (part of Transform Rules) to rewrite any requests for /images/<FOLDER1>/<FOLDER2>/<FILENAME>
to /img/<FILENAME>
.
Transform Rules
Dynamically rewrite links in HTML responses. This is useful for site migrations and branding updates.
Snippets
Rewrite page path for visitors in specific countries
Create two rewrite URL rules (part of Transform Rules) to rewrite the path of the welcome page for visitors in specific countries.
Transform Rules
Rewrite path for object storage bucket
Create a rewrite URL rule (part of Transform Rules) to rewrite any requests for /files/...
URI paths to /...
.
Transform Rules
Rewrite path of archived blog posts
Create a rewrite URL rule (part of Transform Rules) to rewrite any requests for /news/2012/...
URI paths to /archive/news/2012/...
.
Transform Rules
Rewrite path of moved section of a website
Create a rewrite URL rule (part of Transform Rules) to rewrite everything under /blog/<PATH>
to /marketing/<PATH>
.
Transform Rules
Create a transform rule to rewrite the request path from /blog
to /blog?sort-by=date
.
Transform Rules
Route requests with a URI path starting with /images
to a specific AWS S3 bucket using Cloud Connector.
Cloud Connector
Route /images to an S3 Bucket using Terraform
Route requests with a URI path starting with /images
to a specific AWS S3 bucket with Cloud Connector using Terraform.
Cloud Connector
Route to a different origin based on origin response
If response to the original request is not 200 OK
or a redirect, send to another origin.
Snippets
Send Bot Management information to origin
Send Bots information to your origin. Refer to Bot Managenent variables for a full list of available fields.
Snippets
Send EU visitors to a Google Cloud Storage bucket
Route all traffic from EU visitors to a Google Cloud Storage bucket using Cloud Connector.
Cloud Connector
Send suspect bots to a honeypot
Use the bot score field to send bots to a honeypot.
Snippets
Send timestamp to origin as a custom header
Convert timestamp to hexadecimal format and send it as a custom header to the origin.
Snippets
Serve /static-assets from Azure Blob Storage
Route requests with a URI path starting with /static-assets
to an Azure Blob Storage container using Cloud Connector.
Cloud Connector
Set a response header with the current bot score
Create a response header modification rule (part of Transform Rules) to set an X-Bot-Score
HTTP header in the response with the current bot score.
Transform Rules
Set response header with a static value
Create a response header modification rule (part of Transform Rules) to set an X-Bot-Score
HTTP header in the response to a static value (Cloudflare
).
Transform Rules
Set common security headers such as X-XSS-Protection, X-Frame-Options, and X-Content-Type-Options.
Snippets
Verify a signed request using the HMAC and SHA-256 algorithms or return a 403.
Snippets
Define a delay to be used when incoming requests match a rule you consider suspicious.
Snippets
Use Gzip compression for CSV files
Create a compression rule to set Gzip compression as the preferred compression method for CSV files.
Compression Rules
Use only Brotli compression for a specific path
Create a compression rule to set Brotli as the only supported compression algorithm for a specific URI path.
Compression Rules
Validate JSON web tokens (JWT)
Extract the JWT token from a header, decode it, and implement validation checks to verify it.
Snippets