gRPC connections

Cloudflare offers support for gRPC to protect your APIs on any proxied gRPC endpoints. The gRPC protocol helps build efficient APIs with smaller payloads for reduced bandwidth usage, decreased latency, and faster implementations.

Availability

|              | Free | Pro | Business | Enterprise |
|--------------|------|-----|----------|------------|
| Availability | Yes  | Yes | Yes      | Yes        |

Charges may occur for gRPC traffic over add-on products such as Argo Smart Routing, WAF, and Bot Management.

Limitations

Running gRPC traffic on Cloudflare is compatible with most Cloudflare products.

However, the following products have limited capabilities with gRPC requests:

  • The Cloudflare WAF will only run for header inspection during the connection phase. WAF Managed Rules will not run on the content of a gRPC stream.
  • Cloudflare Tunnel supports gRPC traffic via private subnet routing. Public hostname deployments are not currently supported.

  • Cloudflare Access does not support gRPC traffic sent through Cloudflare’s reverse proxy. gRPC traffic will be ignored by Access if gRPC is enabled in Cloudflare. We recommend disabling gRPC for any sensitive origin servers protected by Access or enabling another means of authenticating gRPC traffic to your origin servers.

Enable gRPC

Requirements

  • Your gRPC endpoint must listen on port 443. 
  • Your gRPC endpoint must support TLS and HTTP/2.
  • HTTP/2 must be advertised over ALPN.
  • Use application/grpc or application/grpc+<message type> (for example: application/grpc+proto) for the Content-Type header of gRPC requests.
  • Make sure that the hostname that hosts your gRPC endpoint:

Procedure

To change the gRPC setting in the dashboard:

  1. Log in to your Cloudflare account and go to a specific domain.
  2. Go to Network.
  3. For gRPC, switch the toggle to On.
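
Before switching the toggle on, you can check an origin you operate against the port, ALPN, and Content-Type requirements listed above. The following is an added example, not Cloudflare's own tooling; the function names (is_grpc_content_type, negotiated_alpn, evaluate) are hypothetical, and accepting trailing Content-Type parameters is an assumption.

```python
import re
import socket
import ssl

# Allowed values per the requirements: application/grpc or
# application/grpc+<message type>. Media types are case-insensitive;
# tolerating trailing ";param=value" is an assumption of this example.
_GRPC_CT = re.compile(r"^application/grpc(\+[A-Za-z0-9.\-]+)?\s*(;.*)?$", re.I)


def is_grpc_content_type(value: str) -> bool:
    return bool(_GRPC_CT.match(value.strip()))


def negotiated_alpn(host: str, port: int = 443, timeout: float = 5.0):
    """Do a verified TLS handshake offering h2 and http/1.1 over ALPN and
    return the protocol the server selected (None if it selected nothing).
    A handshake or certificate failure raises, which means the TLS
    requirement itself is not met."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.selected_alpn_protocol()


def evaluate(port: int, alpn, content_type: str) -> list:
    """Return the requirements that are NOT met (empty list = all met)."""
    problems = []
    if port != 443:
        problems.append("endpoint must listen on port 443")
    if alpn != "h2":
        problems.append(f"HTTP/2 not advertised over ALPN (got {alpn!r})")
    if not is_grpc_content_type(content_type):
        problems.append("Content-Type is not application/grpc[+<message type>]")
    return problems


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # hostname of your own gRPC origin
    ctype = sys.argv[2] if len(sys.argv) > 2 else "application/grpc"
    for line in evaluate(443, negotiated_alpn(host), ctype) or ["all checks passed"]:
        print(line)
```

Run it with the origin hostname as the first argument and, optionally, the Content-Type your client sends as the second.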