Examples
Explore the following examples for Rules.
Disable Brotli compression
Create a compression rule to turn off Brotli compression for all incoming requests of a given zone.Disable compression for AVIF images
Create a compression rule to turn off compression for AVIF images, based on either the content type or the file extension specified in the request.Enable Zstandard compression for default content types
Create a compression rule to turn on Zstandard compression for response content types where Cloudflare applies compression by default.Use Gzip compression for CSV files
Create a compression rule to set Gzip compression as the preferred compression method for CSV files.Use only Brotli compression for a specific path
Create a compression rule to set Brotli as the only supported compression algorithm for a specific URI path.Route /images to an S3 Bucket using Terraform
Route requests with a URI path starting with `/images` to a specific AWS S3 bucket with Cloud Connector using Terraform.Route /images to an S3 Bucket
Route requests with a URI path starting with `/images` to a specific AWS S3 bucket using Cloud Connector.Send EU visitors to a Google Cloud Storage bucket
Route all traffic from EU visitors to a Google Cloud Storage bucket using Cloud Connector.Serve /static-assets from Azure Blob Storage
Route requests with a URI path starting with `/static-assets` to an Azure Blob Storage container using Cloud Connector.Define a single configuration rule using Terraform
Create a configuration rule using Terraform to turn off Email Obfuscation and Browser Integrity Check for API requests in a given zone.Change the destination port
Create an origin rule to change the destination port.Change the HTTP Host header and DNS record
Create an origin rule to change the HTTP `Host` header and the resolved DNS record.Define a single origin rule using Terraform
Create an origin rule using Terraform to override the `Host` header, the resolved hostname, and the destination port of API requests.A/B testing with same-URL direct access
Set up an A/B test by controlling what response is served based on cookies.Append dates to cookies to use with A/B testing
Dynamically set a cookie expiration and test group.Auth with headers
Allow or deny a request based on a known pre-shared key in a header. This is not meant to replace the [WebCrypto API](/workers/runtime-apis/web-crypto/).Send Bot Management information to origin
Send [Bots](/bots/) information to your origin. Refer to [Bot Managenent variables](/bots/reference/bot-management-variables/) for a full list of available fields.Send suspect bots to a honeypot
Use the [bot score field](/workers/runtime-apis/request/#incomingrequestcfproperties) to send bots to a honeypot.Bulk redirect based on a map object
Redirect requests to certain URLs based on a mapped object to the request's URL.Country code redirect
Redirect a response based on the country code in the header of a visitor.Custom cache
Store, retrieve, and remove assets from cache programmatically. Use this template to optimize performance and implement custom caching strategies.Define CORS headers
Adjust [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) headers and handle preflight requests.Debugging logs
Send debugging information in an errored response to a logging service.Follow redirects from the origin
Modify the fetch request to follow redirects from the origin, ensuring the client receives the final response.Add HEX timestamp to a request header
Add a custom header to requests sent to the origin server with the current timestamp in hexadecimal format for debugging, tracking, or custom routing purposes.Validate JSON web tokens (JWT)
Extract the JWT token from a header, decode it, and implement validation checks to verify it.Maintenance page
Serve a custom maintenance page instead of fetching content from the origin server or cache. Ideal for downtime notifications, planned maintenance, or emergency messages.Override a Set-Cookie header with a certain value
Get a specific `Set-Cookie` header and update it with a certain value.Redirect 403 Forbidden to a different page
If origin responded with `403 Forbidden` error code, redirect to different page.Redirect from one domain to another
Redirect all requests from one domain to another domain.Remove fields from API response
If origin responds with `JSON`, parse the response and delete fields to return a modified response.Remove query strings before sending request to origin
Remove certain query strings from a request before passing to the origin.Remove response headers
Remove from response all headers that start with a certain name.Return information about the incoming request
Respond with information about the incoming request provided by Cloudflare’s global network.Rewrite links on HTML pages
Dynamically rewrite links in HTML responses. This is useful for site migrations and branding updates.Change origin and modify paths
Route requests to a different origin, prepend a directory to the URL path, and remove specific segments.Set security headers
Set common security headers such as X-XSS-Protection, X-Frame-Options, and X-Content-Type-Options.Send timestamp to origin as a custom header
Convert timestamp to hexadecimal format and send it as a custom header to the origin.Route to a different origin based on origin response
If response to the original request is not `200 OK` or a redirect, send to another origin.Sign requests
Verify a signed request using the HMAC and SHA-256 algorithms or return a 403.Slow down suspicious requests
Define a delay to be used when incoming requests match a rule you consider suspicious based on the bot score.Add a request header with the current bot score
Create a request header transform rule to add a `X-Bot-Score` HTTP header to the request with the current bot score.Add request header with a static value
Create a request header transform rule to add an `X-Source` HTTP header to the request with a static value (`Cloudflare`).Add a request header for subrequests from other zones
Create a request header transform rule to add an HTTP header when the Workers subrequest comes from a different zone.Add a response header with a static value
Create a response header transform rule to add a `set-cookie` HTTP header to the response with a static value (`cookiename=value`).Normalize encoded slashes in URL path
Create a URL rewrite rule (part of Transform Rules) to normalize encoded forward slashes (`%2F`) in the request path to standard slashes (`/`).Remove a request header
Create a request header transform rule (part of Transform Rules) to remove the `cf-connecting-ip` HTTP header from the request.Remove a response header
Create a response header transform rule (part of Transform Rules) to remove the `cf-connecting-ip` HTTP header from the response.Rewrite blog archive URLs
Create a transform rule to rewrite the URL format `/posts/<YYYY>-<MM>-<DD>-<TITLE>` to the new format `/posts/<YYYY>/<MM>/<DD>/<TITLE>`.Rewrite path of moved section of a website
Create a URL rewrite rule (part of Transform Rules) to rewrite everything under `/blog/<PATH>` to `/marketing/<PATH>`.Rewrite path of archived blog posts
Create a URL rewrite rule (part of Transform Rules) to rewrite any requests for `/news/2012/...` URI paths to `/archive/news/2012/...`.Rewrite path for object storage bucket
Create a URL rewrite rule (part of Transform Rules) to rewrite any requests for `/files/...` URI paths to `/...`.Rewrite image paths with several URL segments
Create a URL rewrite rule (part of Transform Rules) to rewrite any requests for `/images/<FOLDER1>/<FOLDER2>/<FILENAME>` to `/img/<FILENAME>`.Rewrite URL query string
Create a transform rule to rewrite the request path from `/blog` to `/blog?sort-by=date`.Rewrite page path for visitors in specific countries
Create two URL rewrite rules (part of Transform Rules) to rewrite the path of the welcome page for visitors in specific countries.Set a response header with the current bot score
Create a response header transform rule (part of Transform Rules) to set an `X-Bot-Score` HTTP header in the response with the current bot score.Set response header with a static value
Create a response header transform rule (part of Transform Rules) to set an `X-Bot-Score` HTTP header in the response to a static value (`Cloudflare`).Redirect admin area requests to HTTPS
Create a redirect rule to redirect requests for the administration area of `store.example.com` to HTTPS, keeping the original path and query string.Redirect requests from one domain to another
Create a redirect rule to redirect all requests to a different domain, maintaining all functionality, except for the discontinued HTTP service (port 80).Perform mobile redirects
Create a redirect rule to redirect visitors using mobile devices to a different hostname.Redirect requests from one country to a domain
Create a redirect rule to redirect all website visitors from the United Kingdom to a different domain, maintaining the current functionality in the same paths.Redirect requests for a domain to a new domain
Create a redirect rule to redirect all URLs for a domain to point to the root of a new domain, including any subdomains of the old domain.Redirect requests to a different hostname
Create a redirect rule to redirect all requests for `smallshop.example.com` to a different hostname using HTTPS, keeping the original path and query string.Redirect local visitors to specific subdomains
Create a redirect rule to redirect United Kingdom and France visitors from the `example.com` website's root path (`/`) to their localized subdomains `https://gb.example.com` and `https://fr.example.com`, respectively.Redirect visitors to a new page URL
Create a redirect rule to redirect visitors from `/contact-us/` to the page's new path `/contacts/`.Redirect from root to WWW
Create a redirect rule to forward HTTPS requests from the root (also known as the “apex” or “naked” domain) to the WWW subdomain.Remove locale from URL path
Create a redirect rule to redirect visitors from an old URL format with locale information to a new URL format.Redirect from WWW to root
Create a redirect rule to forward HTTPS requests from the WWW subdomain to the root (also known as the “apex” or “naked” domain).Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
