Activating a CDN is the next step to improve your website performance.
There are many free and paid CDN services.
With 194 POPs (Points of Presence) across the globe, Cloudflare is among the most popular.
In this tutorial, I will recommend some of the Best Cloudflare Settings to get maximum optimisation and security advantage from Cloudflare.
I assume that you have already created an account with Cloudflare and connected your domain name.
If not, head over to Cloudflare and create an account to give a performance boost to your website.
Best Cloudflare Settings We Recommend
So, let us get started to optimize your Cloudflare settings.
Once you have logged in to your Cloudflare account and clicked on the domain name you added, you will see the Overview page.
In this Overview tab, you can see the summary of your domain’s performance, such as Analytics.
Quick Actions such as Purge Cache and toggling Development Mode on and off are also presented here.
This is the Cloudflare menu structure.
Now we are going to tap the Analytics tab.
The Analytics tab contains read-only data such as the Number of Requests Through Cloudflare, the Unique Visitors you had in a timeframe, and Web Traffic Requests by Country.
You don’t have any settings to update here.
The DNS Management page is one of the critical pages in your Cloudflare account.
All the DNS related settings are here.
You can add, modify and delete DNS records such as A, CNAME, MX and TXT.
DNSSEC protects against forged DNS answers.
DNSSEC protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner.
Cloudflare redesigned their SSL/TLS page recently.
You can now easily understand the different SSL/TLS encryption modes Cloudflare offers.
This setting is under the Overview tab.
Always Use HTTPS
Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone.
On Always Use HTTPS
HTTP Strict Transport Security (HSTS)
Enabling HSTS enforces a web security policy for your website.
At Host My Website Online, we enable HSTS for all the domains served through our network.
You may not enable HSTS in your Cloudflare account if your domain is hosted with us.
These are the recommended settings.
Enable HSTS (Strict-Transport-Security)
Max Age Header (max-age): 12 months
Apply HSTS policy to subdomains (includeSubDomains)
Minimum TLS Version
Major browsers such as IE 11, Opera Mini and UC Browser for Android do not support TLS 1.3 as of now.
Unless you are sure that your visitors will only use modern browsers like Firefox, Chrome and Opera, I recommend that you switch to TLS 1.2.
Thereby improving the privacy of the users and enabling more fine-grained protection.
On Onion Routing
TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol.
SSL/TLS is the protocol that encrypts communication between users and your website.
By turning on the TLS 1.3 feature, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients.
So you don’t need to worry about compatibility issues.
On TLS 1.3
Automatic HTTPS Rewrites
On Automatic HTTPS Rewrites
Certificate Transparency Monitoring (Beta)
Certificate Transparency Monitoring is currently a Beta feature.
On Certificate Transparency Monitoring
Under the Firewall menu, there are many security-related settings you can change.
Click on the Settings menu on the right side. There we can adjust the settings.
Adjust your website’s Security Level to determine which visitors will receive a challenge page.
Cloudflare offers different Security Levels to stop threatening visitors.
Visitors will see this page for up to five seconds.
The Security Level you choose will determine which visitors will be presented with a challenge page.
We recommend starting at Medium. If you are experiencing a DDoS attack or similar flood of useless traffic, switch to I’m Under Attack!
Bot Fight Mode
Requests matching Cloudflare-identified, non-legitimate automated traffic patterns will be challenged or blocked by Cloudflare.
On Bot Fight Mode
When the configured timeout expires, the visitor will be issued a new challenge.
Start with 30 minutes and adjust based on your needs.
Browser Integrity Check
On Browser Integrity Check
Privacy Pass Support
Enabling Privacy Pass will reduce the number of CAPTCHAs shown to your visitors.
On Privacy Pass Support
Under the Speed menu, we have the Optimization and Browser Insights tabs.
Let us now head over to the Optimization tab.
Speed up page load times for your visitor’s HTTPS traffic by applying Brotli compression.
Turn this off if your website is hosted with us.
On Rocket Loader
On Browser Insights
This page contains one of the magical settings.
You can manage caching settings for your website on this page.
You can Clear cached files to force Cloudflare to fetch the new version of those files from your web server.
This is not a setting you set and forget. You may use it often.
Custom Purge will clear files selectively.
Purge Everything will clear all at once.
Browser Cache TTL
Select 1 year
CSAM Scanning Tool (Beta)
Enabling this service will alert you of any image files that match known CSAM and that have been uploaded to your website, so you can take immediate action.
The CSAM Scanning Tool is beneficial when you allow visitors to upload content to your website.
CSAM Scanning Tool is currently in Beta.
On CSAM Scanning Tool
On Always Online
You can temporarily bypass the Cloudflare cache, allowing you to see changes to your origin server in real time.
Toggling Development Mode is helpful when you are actively developing or debugging your website.
Here you can manage network settings for your website. This page is another crucial section that affects your performance, so please look carefully.
HTTP/3 (with QUIC)
On HTTP/3 (with QUIC)
0-RTT Connection Resumption
On 0-RTT Connection Resumption
On IPv6 Compatibility
On IP Geolocation
Cloudflare Scrape Shield
Cloudflare’s Scrape Shield protects content on your site.
Email Address Obfuscation
On Email Address Obfuscation
Automatically hide specific content from disreputable visitors.
On Server-side Excludes
That’s the end of this massive list of Cloudflare performance and security optimizations.
If you have any questions, feel free to add them in the comments box below.