Cloudflare Docs
Rules
Rules
Edit this page on GitHub
Set theme to dark (⇧+D)

Configuration Rules settings

You can change the configuration settings described below in a configuration rule.

​​ Automatic HTTPS Rewrites

Automatic HTTPS Rewrites prevents end users from seeing Mixed content errors by rewriting URLs from http to https for resources or links on your website that can be served with HTTPS.

Use this setting to turn on or off Automatic HTTPS Rewrites for matching requests.

API information

API configuration property name: "automatic_https_rewrites" (boolean).

API configuration example
"action_parameters": {
"automatic_https_rewrites": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Auto Minify (deprecated)

Auto Minify can remove all unnecessary characters from HTML, JavaScript, and CSS files.

Use this setting to configure which file extensions you want to minify automatically:

  • HTML
  • CSS
  • JS
API information

API configuration object name: "autominify" (object).

API configuration example
"action_parameters": {
"autominify": {
"html": true,
"css": true,
"js": false
}
}

Refer to Create a configuration rule via API for complete API examples.

​​ Browser Integrity Check

Browser Integrity Check blocks access to pages based on specific HTTP headers commonly abused by spammers.

Use this setting to turn on or off Browser Integrity Check for matching requests.

API information

API configuration property name: "bic" (boolean).

API configuration example
"action_parameters": {
"bic": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Disable Apps

Cloudflare Apps, now deprecated, is a platform for sharing high-quality apps that anyone with a website can use.

Use this setting to turn off all active Cloudflare Apps for matching requests.

API information

API configuration property name: "disable_apps" (boolean).

API configuration example
"action_parameters": {
"disable_apps": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Disable Real User Monitoring (RUM)

Cloudflare Web Analytics, also known as Real User Monitoring (RUM), is Cloudflare’s free, privacy-first analytics for your website.

Use this setting to turn off Web Analytics for matching requests.

API information

API configuration property name: "disable_rum" (boolean).

API configuration example
"action_parameters": {
"disable_rum": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Disable Zaraz

Cloudflare Zaraz gives you complete control over third-party tools and services for your website, and allows you to offload them to the Cloudflare global network.

Use this setting to turn off Zaraz for matching requests.

API information

API configuration property name: "disable_zaraz" (boolean).

API configuration example
"action_parameters": {
"disable_zaraz": true
}

Refer to Create a configuration rule via API for complete API examples.

Hotlink Protection prevents your images from being used by other sites, potentially reducing the bandwidth consumed by your origin server.

Use this setting to turn on or off Hotlink Protection for matching requests.

API information

API configuration property name: "hotlink_protection" (boolean).

API configuration example
"action_parameters": {
"hotlink_protection": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Email Obfuscation

Email Obfuscation helps in spam prevention by hiding email addresses appearing in your pages from email harvesters and other bots, while remaining visible to your site visitors.

Use this setting to turn on or off Email Obfuscation for matching requests.

API information

API configuration property name: "email_obfuscation" (boolean).

API configuration example
"action_parameters": {
"email_obfuscation": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Fonts

Cloudflare Fonts rewrites Google Fonts to be delivered from a website’s own origin, eliminating the need to rely on third-party font providers.

Use this setting to turn on or off Cloudflare Fonts for matching requests.

API information

API configuration property name: "fonts" (boolean).

API configuration example
"action_parameters": {
"fonts": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Mirage

Mirage accelerates image delivery for your visitors based on their device.

Use this setting to turn on or off Mirage for matching requests.

API information

API configuration property name: "mirage" (boolean).

API configuration example
"action_parameters": {
"mirage": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ Opportunistic Encryption

Opportunistic Encryption allows browsers to access HTTP URIs over an encrypted TLS channel.

Use this setting to turn on or off Opportunistic Encryption for matching requests.

API information

API configuration property name: "opportunistic_encryption" (boolean).

API configuration example
"action_parameters": {
"opportunistic_encryption": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Polish

Cloudflare Polish is a one-click image optimization product that automatically optimizes images in your site.

Use this setting to configure Polish for matching requests:

  • Off
  • Lossless
  • Lossy

Refer to Compression options for more information on these values.

API information

API configuration property name: "polish" (string).

API values: "off", "lossless", "lossy".

API configuration example
"action_parameters": {
"polish": "lossless"
}

Refer to Create a configuration rule via API for complete API examples.

​​ Rocket Loader

Rocket Loader prioritizes your website’s content (such as text, images, and fonts) by deferring the loading of all your JavaScript code until after rendering.

Use this setting to turn on or off Rocket Loader for matching requests.

API information

API configuration property name: "rocket_loader" (boolean).

API configuration example
"action_parameters": {
"rocket_loader": true
}

Refer to Create a configuration rule via API for complete API examples.

​​ Security Level

Security Level controls Managed Challenges for requests from low reputation IP addresses.

Use this setting to select the security level for matching requests:

  • Off
  • Essentially Off
  • Low
  • Medium
  • High
  • I’m Under Attack

Refer to Security levels for more information on these values.

API information

API configuration property name: "security_level" (string).

API values: "off", "essentially_off", "low", "medium", "high", "under_attack".

API configuration example
"action_parameters": {
"security_level": "low"
}

Refer to Create a configuration rule via API for complete API examples.

​​ Server Side Excludes (deprecated)

Server Side Excludes (SSE) allow you to provide specific pieces of content to real website visitors while hiding that content from suspicious visitors.

Use this setting to turn on or off Server Side Excludes for matching requests.

API information

API configuration property name: "server_side_excludes" (boolean).

API configuration example
"action_parameters": {
"server_side_excludes": false
}

Refer to Create a configuration rule via API for complete API examples.

​​ SSL

SSL/TLS encryption modes control the scheme (http:// or https://) that Cloudflare uses to connect to your origin web server and how SSL certificates presented by your origin will be validated.

Use this setting to configure the SSL/TLS encryption mode for matching requests:

  • Off
  • Flexible
  • Full
  • Strict
  • Origin Pull

Refer to Available encryption modes for more information on these values.

API information

API configuration property name: "ssl" (string).

API values: "off", "flexible", "full", "strict", "origin_pull".

API configuration example
"action_parameters": {
"ssl": "flexible"
}

Refer to Create a configuration rule via API for complete API examples.

​​ SXG

Signed Exchanges (SXG) is an open standard that makes it possible to cryptographically authenticate the origin of a resource independently of how it is delivered.

Use this setting to turn on or off signed exchanges for matching requests.

API information

API configuration property name: "sxg" (boolean).

API configuration example
"action_parameters": {
"sxg": false
}

Refer to Create a configuration rule via API for complete API examples.