32 Cloudflare Settings to Boost Your Website Performance in 2022

31 Aug, 2023

With 250+ POPs (Points of Presence) across the globe, Cloudflare is one of the most popular CDNs.

This tutorial will recommend some of the Best Cloudflare Settings to get maximum optimization and security advantage from Cloudflare.

I assume that you have already created an account with Cloudflare and connected your domain name.

If not, head over to Cloudflare and create an account to give your website a performance boost.

Best Cloudflare Settings We Recommend

So, let us get started to optimize your Cloudflare settings.

Once you have logged in to your Cloudflare account and clicked on the domain name you added, you will see the Overview page.

Cloudflare Overview Page

In this Overview tab, you can see a summary of your domain’s performance, such as Analytics.

Quick Actions such as Purge Cache and toggling Development Mode on and off are also available here.

Cloudflare Menu

This is the Cloudflare menu structure.

Now we are going to tap the Analytics tab.

Cloudflare Analytics

The Analytics tab contains read-only data such as the number of requests through Cloudflare, the unique visitors you had in a timeframe, and web traffic requests by country.

You don’t have any settings to update here.

Cloudflare DNS

The DNS Management page is one of the critical pages in your Cloudflare account.

All the DNS-related settings are here.

You can add, modify and delete DNS records such as A, CNAME, MX, and TXT.

DNSSEC

DNSSEC protects against forged DNS answers.

DNSSEC-protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner.

  • Enable DNSSEC

Cloudflare SSL/TLS

Cloudflare redesigned their SSL/TLS page recently.

You can now easily understand the different SSL/TLS encryption modes Cloudflare offers.

This setting is under the Overview tab.

  • Select Full (strict)

SSL/TLS Recommender (Beta)

To check if your website can use a more secure SSL/TLS mode, enable the SSL/TLS Recommender. You can then receive an email with Cloudflare’s recommendation.

  • On SSL/TLS Recommender

Always Use HTTPS

This setting is now under the Edge Certificates tab. Redirect all requests with scheme HTTP to HTTPS. This applies to all HTTP requests to the zone.

  • On Always Use HTTPS

HTTP Strict Transport Security (HSTS)

HSTS enforces a web security policy for your website.

At Rovity, we enable HSTS on all the domains served through our network.

You may not need to enable HSTS in your Cloudflare account if your domain is hosted with us.

  • Enable HSTS

The Enable HSTS button will give you a Change HSTS Settings page.

These are the recommended settings.

  • Enable HSTS (Strict-Transport-Security)
  • Max Age Header (max-age): 12 months
  • Apply HSTS policy to subdomains (includeSubDomains)
  • Preload
  • No-Sniff Header

Minimum TLS Version

Only allow HTTPS connections from visitors that support the selected TLS protocol version or newer. Major browsers such as IE 11, Opera Mini, and UC Browser for Android won’t support TLS 1.3.

Unless you are sure that your visitors will only use modern browsers like Firefox, Chrome, and Opera, I recommend selecting TLS 1.2.

  • TLS 1.2

Opportunistic Encryption

Opportunistic Encryption allows browsers to benefit from the improved performance of HTTP/2 by letting them know that your site is available over an encrypted connection. Browsers will continue to show HTTP in the address bar, not HTTPS.

  • On Opportunistic Encryption

TLS 1.3

Enable the latest version of the TLS protocol for improved security and performance. TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol.

SSL/TLS is the protocol that encrypts communication between users and your website.

By turning on the TLS 1.3 feature, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients.

So, you don’t need to worry about compatibility issues.

  • On TLS 1.3

Automatic HTTPS Rewrites

Automatic HTTPS Rewrites helps fix mixed content by changing HTTP to HTTPS for all resources or links on your website that can be served with HTTPS.

  • On Automatic HTTPS Rewrites

Certificate Transparency Monitoring (Beta)

Receive an email when a Certificate Authority issues a certificate for your domain. Certificate Transparency Monitoring is a Beta feature currently.

  • On Certificate Transparency Monitoring

Cloudflare Firewall

Under the Firewall menu, there are many security-related settings you can change.

Click on the Settings menu on the right side. There we can adjust the settings.

Security Level

Adjust your website’s Security Level to determine which visitors will receive a challenge page.

Cloudflare offers different Security Levels to stop threatening visitors.

Visitors will see the challenge page for up to five seconds.

The Security Level you choose determines which visitors Cloudflare will present with a challenge page.

We recommend starting at Medium. If you are experiencing a DDoS attack or similar flood of useless traffic, switch to I’m Under Attack!

  • Medium

Bot Fight Mode

This setting has now moved to the Tools tab.

Challenge requests matching patterns of known bots before they can access your site. Requests matching Cloudflare-identified, non-legitimate automated traffic patterns will be challenged or blocked by Cloudflare.

  • On Bot Fight Mode

Challenge Passage

Specify the length of time that a visitor, who has completed a Captcha or JavaScript Challenge, can access your website. When the configured timeout expires, the visitor will be issued a new challenge.

Start with 30 minutes and adjust based on your needs.

  • 30 minutes

Browser Integrity Check

Evaluate HTTP headers from your visitor’s browser for threats. If a threat is found, Cloudflare will deliver a block page.

  • On Browser Integrity Check

Privacy Pass Support

Privacy Pass is a browser extension developed by the Privacy Pass Team to improve your visitors’ browsing experience. Enabling Privacy Pass will reduce the number of CAPTCHAs shown to your visitors.

  • On Privacy Pass Support

Cloudflare Speed

Under the Speed menu, we have the Optimization and Browser Insights tabs.

Let us now head over to the Optimization tab.

Auto Minify

Reduce the file size of source code on your website. Enable all of them.

  • JavaScript
  • CSS
  • HTML

Brotli

Speed up page load times for your visitor’s HTTPS traffic by applying Brotli compression. Rovity now supports Brotli across our servers, so you might not need to enable this.

  • On Brotli

Rocket Loader™

Improve the paint time for pages that include JavaScript. Turn this off if your website is hosted with us.

  • On Rocket Loader

AMP Real URL

Display your site’s actual URL on your AMP pages instead of the traditional Google AMP cache URL.

  • On AMP Real URL

Browser Insights

You can find out how fast your web pages load by enabling Browser Insights. This setting is under the Browser Insights tab.

  • On Browser Insights

Cloudflare Caching

This page contains one of the magical settings.

You can manage caching settings for your website on this page’s Configuration tab.

Purge Cache

You can clear cached files to force Cloudflare to fetch the new version of those files from your web server.

This is not a setting you set and forget. You may use it often.

Custom Purge will clear files selectively. Purge Everything will clear all at once.

Caching Level

Determine how much of your website’s static content you want Cloudflare to cache. Increased caching can speed up page load time.

  • Select Standard

Browser Cache TTL

Determine the length of time Cloudflare instructs a visitor’s browser to cache files. During this period, the browser loads the files from its local cache, speeding up page loads.

  • Select 1 year

CSAM Scanning Tool (Beta)

The Child Sexual Abuse Material (CSAM) Scanning Tool allows website owners to proactively identify and take action on CSAM located on their website.

Enabling this service will alert you to any image files uploaded to your website that match known CSAM, so you can take immediate action.

The CSAM Scanning Tool is beneficial when you allow visitors to upload content to your websites.

CSAM Scanning Tool is currently in Beta.

  • On CSAM Scanning Tool

Always Online™

Keep your website online for visitors when your origin server is unavailable. Always Online serves limited copies of web pages to users instead of errors when your server is unreachable.

An updated version of Always Online uses the Internet Archive’s Wayback Machine to serve more comprehensive snapshots than previously available.

  • On Always Online

Development Mode

You can temporarily bypass the Cloudflare cache, allowing you to see changes to your origin server in real time.

Toggling Development Mode is helpful when you are actively developing or debugging your website.

Cloudflare Network

Here you can manage network settings for your website. This page is another crucial section that affects your performance, so please look carefully.

HTTP/2

Cloudflare accelerates your website with HTTP/2. Rovity now offers HTTP/3 across our servers, so you might not need to enable this.

  • On HTTP/2

HTTP/3 (with QUIC)

Accelerates HTTP requests by using QUIC, which provides encryption and performance improvements compared to TCP and TLS.

Rovity now offers HTTP/3 across our servers, so you might not need to enable this.

  • On HTTP/3 (with QUIC)

0-RTT Connection Resumption

Improves performance for clients who have previously connected to your website.

  • On 0-RTT Connection Resumption

IPv6 Compatibility

Enable IPv6 support and gateway.

  • On IPv6 Compatibility

WebSockets

Allow WebSockets connections to your origin server.

  • On WebSockets

IP Geolocation

Include the country code of the visitor location with all requests to your website.

  • On IP Geolocation

Cloudflare Scrape Shield

Cloudflare’s Scrape Shield protects content on your site.

Email Address Obfuscation

Display obfuscated email addresses on your website to prevent harvesting by bots and spammers, without visible changes to the address for human visitors.

  • On Email Address Obfuscation

Server-side Excludes

Automatically hide specific content from disreputable visitors.

  • On Server-side Excludes

That’s the end of this massive list of Cloudflare performance and security optimizations.

If you have any questions, feel free to add them in the comments box below.


Jafar Muhammed

Jafar Muhammed has 10+ years of experience in WordPress, web hosting, domain names, DNS, CDN, server administration, etc. He is an open web advocate. He is the CEO of Rovity, the fastest-growing premium shared hosting startup in India.
