Skip to content

HTTP request response fields

The Cloudflare Rules language supports these HTTP response fields.

http.response.code

http.response.code Integer

The HTTP status code returned to the client, either set by a Cloudflare product or returned by the origin server.

Example value: 403

http.response.headers

http.response.headers Map<Array<String>>

The HTTP response headers represented as a Map (or associative array).

When there are repeating headers, the array includes them in the order they appear in the response. The keys convert to lowercase.

  • Decoding: no decoding performed
  • Whitespace: preserved
  • Non-ASCII: preserved

Example:

any(http.response.headers["server"][*] == "nginx")

Example value:

{"server": ["nginx"]}

http.response.headers.names

http.response.headers.names Array<String>

The names of the headers in the HTTP response. The names are not pre-processed and retain the original case used in the response.

The order of header names is not guaranteed but will match http.response.headers.values.

Duplicate headers are listed multiple times.

  • Decoding: no decoding performed
  • Whitespace: preserved
  • Non-ASCII: preserved

Example:

any(http.response.headers.names[*] == "content-type")

Example value: ["content-type"]

http.response.headers.values

http.response.headers.values Array<String>

The values of the headers in the HTTP response.

The values are not pre-processed and retain the original case used in the response.

The order of header values is not guaranteed but will match http.response.headers.names.

Duplicate headers are listed multiple times.

  • Decoding: no decoding performed
  • Whitespace: preserved
  • Non-ASCII: preserved

Example 1:

any(http.response.headers.values[*] == "application/json")

Example value 1: ["application/json"]

Additionally used to match responses according to the specified operator and the length/size entered for the header value.

Example 2:

any(len(http.response.headers.values[*])[*] gt 10)

Example value 2: ["This header value is longer than 10 bytes"]

http.response.content_type.media_type

http.response.content_type.media_type String

The lowercased content type (including subtype and suffix) without any parameters such as charset, based on the response's Content-Type header.

Example values

Content-Type headerField value
text/html"text/html"
text/html; charset=utf-8"text/html"
text/html+extra"text/html+extra"
text/html+extra; charset=utf-8"text/html+extra"
text/HTML"text/html"
text/html; charset=utf-8; other=value"text/html"

cf.response.1xxx_code

cf.response.1xxx_code Integer

Contains the specific code for 1XXX Cloudflare errors. Use this field to differentiate between 1XXX errors associated with the same HTTP status code. The default value is 0. For a list of 1XXX errors, refer to Troubleshooting Cloudflare 1XXX errors.

Example value: 1020

cf.response.error_type

cf.response.error_type String

A string with the type of error in the response being returned. The default value is an empty string ("").

The available values are the following:

  • managed_challenge
  • iuam
  • legacy_challenge
  • ip_ban
  • waf
  • 5xx
  • 1xxx
  • always_online
  • country_challenge
  • ratelimit

You can use this field to customize the response for a specific type of error (for example, all 1XXX errors or all WAF block actions).