A/B testing with same-URL direct access
Set up an A/B test by controlling what response is served based on cookies.
Append dates to cookies to use with A/B testing
Dynamically set a cookie expiration and test group.
Allow or deny a request based on a known pre-shared key in a header. This is not meant to replace the WebCrypto API.
Bulk redirect based on a map object
Redirect requests to certain URLs based on a mapped object to the request's URL.
Redirect a response based on the country code in the header of a visitor.
Send debugging information in an errored response to a logging service.
Adjust Cross-Origin Resource Sharing (CORS) headers and handle preflight requests.
Override a Set-Cookie header with a certain value
Get a specific Set-Cookie header and update it with a certain value.
Redirect `403 Forbidden` to a different page
If the origin responded with a `403 Forbidden` error code, redirect to a different page.
Redirect from one domain to another
Redirect all requests from one domain to another domain.
Remove fields from API response
If origin responds with JSON, parse the response and delete fields to return a modified response.
Remove query strings before sending request to origin
Remove certain query strings from a request before passing to the origin.
Remove from response all headers that start with a certain name.
Return information about the incoming request
Respond with information about the incoming request provided by Cloudflare’s global network.
Route to a different origin based on origin response
If the response to the original request is not 200 OK or a redirect, send to another origin.
Send Bot Management information to origin
Send Bots information to your origin. Refer to Bot Management variables for a full list of available fields.
Send suspect bots to a honeypot
Use the bot score field to send bots to a honeypot.
Send timestamp to origin as a custom header
Convert timestamp to hexadecimal format and send it as a custom header to the origin.
Set common security headers such as X-XSS-Protection, X-Frame-Options, and X-Content-Type-Options.
Verify a signed request using the HMAC and SHA-256 algorithms or return a 403.
Define a delay to be used when incoming requests match a rule you consider suspicious.
Validate JSON web tokens (JWT)
Extract the JWT token from a header, decode it, and implement validation checks to verify it.
There are also two optional, additional properties:
filters (string[]): A list of filters to render that helps someone filter the examples based on values in the frontmatter.
additionalProducts (string[]): A list of additional product examples to look across our docs for. Looks for anything matching the products frontmatter in examples across other areas of the docs.