The Ultimate Guide to Cloudflare Security Headers

· 1 min read
The Ultimate Guide to Cloudflare Security Headers

Safeguarding your website from online threats is paramount. Security Headers act as a powerful shield, deflecting common cyber attacks. This guide provides a clear and straightforward method to configure these essential headers through Cloudflare, ensuring robust protection for your website.

Activate Cloudflare Proxy

To apply Security Headers on Cloudflare, you need to enable Cloudflare proxy for your domain. Access your Cloudflare account, select the domain, and follow these steps:

  • Go to "DNS" > "Records".
  • Enable "CloudFlare Proxy".

Add Security Headers Rules

  • Access "Rules" > "Transform Rules".
  • Choose the tab "Modify Response Header" > "Create rule".
  • Name the rule > Select "All incoming requests".
  • Add the following rules:
  1. content-security-policy | upgrade-insecure-requests; block-all-mixed-content
  2. permissions-policy | accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=()
  3. referrer-policy | no-referrer-when-downgrade
  4. strict-transport-security | max-age=31536000; includeSubDomains; preload
  5. x-content-type-options | nosniff
  6. x-frame-options | SAMEORIGIN
  7. x-xss-protection | 1; mode=block
  • Select Deploy

Check the Results

Visit the website https://securityheaders.com/ to check the effectiveness of Security Headers. The goal is to achieve an A+ grade.

Configuring Security Headers with Cloudflare helps protect your website against many common cyber attacks. Follow the instructions above to enhance the security of your website.