A/B testing with same-URL direct access
Set up an A/B test by controlling what response is served based on cookies.
List examples
Add HEX timestamp to a request header
Add a custom header to requests sent to the origin server with the current timestamp in hexadecimal format for debugging, tracking, or custom routing purposes.
Append dates to cookies to use with A/B testing
Dynamically set a cookie expiration and test group.
Allow or deny a request based on a known pre-shared key in a header. This is not meant to replace the WebCrypto API.
Bulk redirect based on a map object
Redirect requests to certain URLs based on a mapped object to the request's URL.
Change origin and modify paths
Route requests to a different origin, prepend a directory to the URL path, and remove specific segments.
Redirect a response based on the country code in the header of a visitor.
Store, retrieve, and remove assets from cache programmatically. Use this template to optimize performance and implement custom caching strategies.
Send debugging information in an errored response to a logging service.
Adjust Cross-Origin Resource Sharing (CORS) headers and handle preflight requests.
Follow redirects from the origin
Modify the fetch request to follow redirects from the origin, ensuring the client receives the final response.
Serve a custom maintenance page instead of fetching content from the origin server or cache. Ideal for downtime notifications, planned maintenance, or emergency messages.
Override a Set-Cookie header with a certain value
Get a specific Set-Cookie header and update it with a certain value.
Redirect 403 Forbidden to a different page
If origin responded with 403 Forbidden error code, redirect to different page.
Redirect from one domain to another
Redirect all requests from one domain to another domain.
Remove fields from API response
If origin responds with JSON, parse the response and delete fields to return a modified response.
Remove query strings before sending request to origin
Remove certain query strings from a request before passing to the origin.
Remove from response all headers that start with a certain name.
Return information about the incoming request
Respond with information about the incoming request provided by Cloudflare’s global network.
Dynamically rewrite links in HTML responses. This is useful for site migrations and branding updates.
Route to a different origin based on origin response
If response to the original request is not 200 OK or a redirect, send to another origin.
Send Bot Management information to origin
Send Bots information to your origin. Refer to Bot Managenent variables for a full list of available fields.
Send suspect bots to a honeypot
Use the bot score field to send bots to a honeypot.
Send timestamp to origin as a custom header
Convert timestamp to hexadecimal format and send it as a custom header to the origin.
Set common security headers such as X-XSS-Protection, X-Frame-Options, and X-Content-Type-Options.
Verify a signed request using the HMAC and SHA-256 algorithms or return a 403.
Define a delay to be used when incoming requests match a rule you consider suspicious.
Validate JSON web tokens (JWT)
Extract the JWT token from a header, decode it, and implement validation checks to verify it.
import { ListExamples } from "~/components";
<ListExamples directory="rules/snippets/examples" />There are also two optional, additional properties:
filtersstring[]: A list of filters to render that helps someone filter the examples based on values in the frontmatter.additionalProductsstring[]: A list of additional product examples to look across our docs for. Looks for anything matching theproductsfrontmatter in examples across other areas of the docs.