Must Use Page Rules for Everyone

Learn how Page Rules can improve user experience of your domain with hardened security, and enhanced site performance while increasing reliability and minimizing bandwidth usage for your origin server.

To purchase Page Rules, visit the Cloudflare dashboard.


In the above video you will learn how to:

  • Increase security and performance by enforcing secure domain connections
  • Protect your SEO by defining a canonical version of your domain
  • Reduce bandwidth utilization and server load with advanced caching capabilities
  • Optimize performance with HTTP/2 and aggressive caching strategies
  • Enhance the reliability of critical domain assets with Always Online functionality

Video Transcript

In this video we’ll look at how Page Rules can help you harden security, enhance performance and reliability, improve user experience, and minimize bandwidth usage and server load for your domain.

Increase Security & Performance

SSL is enabled by default in the Crypto section of Cloudflare. While this enables your domain to take advantage of SSL, Page Rules allows you to enforce all visitors to connect to your domain securely.

To accomplish this, once you’ve enabled any mode of SSL, create a Page Rule for HTTP that includes an asterisk before and after your domain, and select “Add a Setting” > Always Use HTTPS.

This URL pattern that includes HTTP, with an asterisk before and after your domain ensures that any subdomains, directories or query strings referencing your domain will be forced over HTTPS.

Once you click Save and Deploy, new and returning visitors attempting to connect to your domain over HTTP will be redirected to HTTPS. Keep in mind that this option should generally be the first rule you set in Page Rules. Unless you have a special case, be sure to reorder this rule to appear at the top of your set.

An additional benefit of enforcing a secure connection is that your domain will be able to utilize HTTP/2, which offers performance gains like header compression, server push, and more.

Standardize URL & Protect Your SEO

To maintain consistency when linking internally as well as avoid duplicate content penalties that can dilute your search ranking, Page Rules allows you to define the canonical version of your domain with 301 Forwarding.

If you want to define the root as the canonical version of your domain, create a Page Rule that includes the following:

Add your domain excluding the protocol scheme, which will cover both HTTP and HTTPS.

The Forwarding URL setting is selected with 301 - Permanent Redirect option. From an SEO standpoint, 301 redirects will pass the ranking power to the redirected page.

You’ll notice that my destination URL includes a secure protocol scheme and I’m using a $1 for the directory to match the asterisk in the URL pattern. 1 corresponds to the first asterisk in the URL string from left to right. If I had an asterisk before the domain and wanted to match it, I would use $2 instead of one.

Once I hit Save and Deploy, my URL will be redirecting accordingly.

User-Friendly URLs

With Page Rules, you can redirect URLs in a number of ways both internally and externally. In this example I’m using a 301 - Permanent Redirect to create a user-friendly URL for a page that shows search results for a blog post category.

Using a 302 - Temporary Redirect, in the following 3 examples I’m using my domain to redirect to various social media properties.

Enhancing Reliability & Security

Certain sections of a website, like the login or admin section, have different security and performance requirements than your general public facing pages. With Page Rules, you can target these directories and add some of the following settings:

By using an asterisk without a slash in our URL pattern, I will be matching not only this directory and an associated query strings, but I will also be able to target subdirectories in here as well.

To increase the security of the admin section, I’ve set the Security Level to High. This controls how high a client Threat Score must be for a client will encounter a challenge page. Threat Scores are derived from our IP Reputation database and assigned to clients that attempt to connect to a resource on your domain.

To ensure smooth operations within my admin pages, I’ve set the Cache Level to Bypass so Cloudflare will not cache any of the content within this section. I’ve also disabled any Apps and Performance settings that may conflict with some of the unique functionality of my admin pages.

Reducing Server Load

Certain resources on your domain will likely not change often. For these resources, taking advantage of aggressive caching options can significantly reduce the load on your server and bandwidth utilization.

In this example, I’m targeting a folder that holds the majority of my image assets as well as some other types of multimedia.

Browser Cache TTL instructs the user’s browser on how often it should attempt to request new content from Cloudflare. Since the media in this folder doesn’t change often, a day is a good setting for my needs.

Cache Level: Cache Everything will tell Cloudflare to cache absolutely everything in those directories and not just the default types. This can include content like HTML, movie files, JSON data, and more.

By leveraging an Edge Cache TTL setting of 7 days, I’m telling Cloudflare to only request new versions of the content from my origin server after 7 days. This setting alone significantly impacts both my server load and bandwidth usage. If I want to force a refresh before this time I can use the Purge Cache feature in the Caching section of the dashboard.

Enhancing the Reliability of Your Most Important Pages

There may be certain areas on your domain that rarely change and are critical to your organization, like the Contact Us and Our Team pages. For these types of pages I’ve set the following page rules:

Browser Cache TTL has been set to 1 day.

I’ve enabled the Always Online feature for these pages. If my origin server were to go down, Cloudflare will serve pages from cache so visitors still see the content.

Since my pages are heavily reliant on static content, the Cache Level is set to Cache Everything to make sure that all of the content, including the HTML is preserved in cache.

Finally, I set a very aggressive Edge Cache TTL to a month, which instructs Cloudflare to only request new versions of the content from my origin server after a month.


By following the Page Rules outlined in this video, your domain can take better advantage of Cloudflare’s features that increase the security, performance, and reliability of your property.

The number of Page Rules available to your domain is limited by plan type. If you need more Page Rules, Cloudflare now offers you the ability to purchase more Page Rules a la carte. Be sure to visitor our plans page for more information at: