Cloudflare Docs
Version Management
Edit this page
Give us feedback
Set theme to dark (⇧+D)

Cloudflare Version Management

Safely test, deploy, and roll back changes to your zone configurations using Version Management.

​​ Benefits

By using Version Management, you can:

  • Create independent versions to make changes with no risk of impacting live traffic.
  • Safely deploy changes to staging environments ahead of deploy to production.
  • Quickly roll back deployed changes when issues occur.

​​ Availability




For access, enable Zone Versioning in the Cloudflare dashboard.

​​ Limitations

Version Management does not currently support or have limited support for the following products or features:

API Shield
  • Some API Shield configurations are not cloned when a new zone version is created.
  • Customers are allowed to opt-in to remove the UI block that prevents enabling Version Management.
Authenticated Origin Pull
  • Authenticated Origin Pull does not work with Zone Versioning.
  • Accessing your domain from an allowlisted IP returns a Cloudflare 520 error.
  • Cache configurations are versioned, but cache keys are not.
  • Caching a new URL on staging would cache it for production as well.
  • Purging cache on staging would purge it on production too.
  • Promoting a new version to production would wipe all exiting cache.
Cache Rules when used with Cloudflare Images
  • Image Resizing does not work with the additional_cacheable_ports Cache Rule setting and Zone Versioning.
  • If you use additional_cacheable_ports with Image Resizing, the image will be resized every time it is requested and will result in low performance.
Workers Cache API
  • Workers Cache API does not work with Version Management.
  • If you use the Workers Cache API with Zone Versioning, you might encounter unexpected caching behaviours.
China Network
  • Regardless of the version deployed to production, traffic in China will always target the root zone.
  • Other incompatibility issues with Access and ICP licenses.
Cloudflare API
Domain-scoped Roles
  • Domain-scoped Roles apply only to your root zone.
  • Once a new version is created, these roles do not copy over and they lose access to versions.
Image Transformations
Network Error Logging
Page Shield
  • Page Shield is not available for versioning and is only configurable under your Global Configuration.
Security Insights
  • Security Insights are not shown when Zone Versioning is enabled and the first version is deployed to production.
  • Zone Version Management does not currently support Terraform.
  • Customers should either use Terraform or Version Management.
WAF Attack Score
  • WAF Attack Score configurations are not cloned when a new zone version is created.
Waiting Room
  • Waiting Room users active on the site may be placed back in the queue.
  • Waiting Room users in the queue may lose their place in line.
  • Traffic may exceed limits.
  • If a version has a Worker route, it might disappear when a Worker is deployed via Wrangler.
  • If two versions have the same custom domains, the Worker might randomly choose between them.

​​ Requirements

To use Version Management, the following must all be true: