Settings

Settings control the action Cloudflare takes once a request matches the URL pattern defined in a page rule. You can use settings to enable and disable multiple Cloudflare features across the dashboard.

Warning

Consider alternative Rules options due to their enhanced configurability. Refer to the migration guide for details.

For more flexibility and customization, consider using Snippets.

Note that:

• Some settings require a Pro, Business, or Enterprise domain plan.
• You can specify more than one setting to apply when the rule triggers.

Below is the full list of settings available, presented in the order that they appear in the Cloudflare Page Rules page in the Cloudflare dashboard.

Setting	Description	Plans
Always Use HTTPS	Enable Always Use HTTPS feature. If enabled, any http:// URL is converted to https:// through a 301 redirect. If this option does not appear, you do not have an active Edge Certificate.	All
Automatic HTTPS Rewrites	Turn on or off Automatic HTTPS Rewrites. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Browser Cache TTL	Control how long resources cached by client browsers remain valid. The Cloudflare dashboard and the API both prohibit setting Browser Cache TTL to 0 for non-Enterprise domains.	All
Browser Integrity Check	Inspect the visitor’s browser for headers commonly associated with spammers and certain bots. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Bypass Cache on Cookie	Bypass cache and fetch resources from the origin server if a regular expression matches against a cookie name present in the request. If you add both this setting and the Cache On Cookie setting to the same page rule, Cache On Cookie takes precedence over Bypass Cache on Cookie. Refer to the Additional details to learn about limited regular expression support.	Business and Enterprise
Cache By Device Type	Separate cached content based on the visitor’s device type.	Enterprise
Cache Deception Armor	Protect from web cache deception attacks while still allowing static assets to be cached. This setting verifies that the URL’s extension matches the returned Content-Type.	All
Cache Key	Also referred to as Custom Cache Key. Control specifically what variables to include when deciding which resources to cache. This allows customers to determine what to cache based on something other than just the URL.	Enterprise
Cache Level	Apply custom caching based on the option selected: – Bypass: Cloudflare does not cache. – No Query String: Delivers resources from cache when there is no query string. – Ignore Query String: Delivers the same resource to everyone independent of the query string. – Standard: Caches all static content that has a query string. – Cache Everything: Treats all content as static and caches all file types beyond the Cloudflare default cached content. Respects cache headers from the origin web server unless Edge Cache TTL is also set in the Page Rule. When combined with an Edge Cache TTL > 0, Cache Everything removes cookies from the origin web server response.	All
Cache on Cookie	Apply the Cache Everything option (Cache Level setting) based on a regular expression match against a cookie name. If you add both this setting and Bypass Cache on Cookie to the same page rule, Cache On Cookie takes precedence over Bypass Cache on Cookie.	Business and above
Cache TTL by Status Code	Enterprise customers can set cache time-to-live (TTL) based on the response status from the origin web server. Cache TTL refers to the duration of a resource in the Cloudflare network before being marked as stale or discarded from cache. Status codes are returned by a resource’s origin. Setting cache TTL based on response status overrides the default cache behavior (standard caching) for static files and overrides cache instructions sent by the origin web server. To cache non-static assets, set a Cache Level of Cache Everything using a Page Rule. Setting no-store Cache-Control or a low TTL (using max-age/s-maxage) increases requests to origin web servers and decreases performance.	Enterprise
Disable Apps	Turn off all active Cloudflare Apps (deprecated). Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Disable Performance	Turn off Rocket Loader, Mirage, and Polish.	All
Disable Security	Turn off Email Obfuscation, Rate Limiting (previous version, deprecated), Scrape Shield, URL (Zone) Lockdown, and WAF managed rules (previous version, deprecated).	All
Disable Zaraz	Turn off Zaraz. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Edge Cache TTL	Specify how long to cache a resource in the Cloudflare global network. Edge Cache TTL is not visible in response headers.	All
Email Obfuscation	Turn on or off Email Obfuscation. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Forwarding URL	Redirects one URL to another using an HTTP 301/302 redirect. Refer to Wildcard matching and referencing.	All
Host Header Override	Apply a specific host header. Note You can accomplish the same effect with an origin rule.	Enterprise
IP Geolocation Header	Cloudflare adds a CF-IPCountry HTTP header containing the country code that corresponds to the visitor.	All
Mirage	Turn on or off Mirage. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	Pro and above
Opportunistic Encryption	Turn on or off the Opportunistic Encryption. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Origin Cache Control	Origin Cache Control is enabled by default for Free, Pro, and Business domains and disabled by default for Enterprise domains.	All
Origin Error Page Pass-thru	Turn on or off Cloudflare error pages generated from issues sent from the origin server. If enabled, this setting triggers error pages issued by the origin.	Enterprise
Polish	Apply options from the Polish feature of the Cloudflare Speed app. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	Pro and above
Query String Sort	Turn on or off the reordering of query strings. When query strings have the same structure, caching improves.	Enterprise
Resolve Override	Change the origin address to the value specified in this setting. Note You can accomplish the same effect with an origin rule.	Enterprise
Respect Strong ETags	Turn on or off byte-for-byte equivalency checks between the Cloudflare cache and the origin server.	Enterprise
Response Buffering	Turn on or off whether Cloudflare should wait for an entire file from the origin server before forwarding it to the site visitor. By default, Cloudflare sends packets to the client as they arrive from the origin server.	Enterprise
Rocket Loader	Turn on or off Rocket Loader in the Cloudflare Speed app. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
Security Level	Control options for the Security Level feature from the Security app.  Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
SSL	Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app. Note To use this feature on specific hostnames - instead of across your entire zone - use a configuration rule.	All
True Client IP Header	Turn on or off the True-Client-IP Header feature of the Cloudflare Network app.	Enterprise
Web Application Firewall	Turn on or off WAF managed rules (previous version, deprecated). You cannot enable or disable individual WAF managed rules via Page Rules.	Pro and above