30 Cloudflare Settings to Boost Your Website Performance in 2020

by | Last Updated Mar 5, 2020 | Cloudflare | 2 comments

Activating a CDN is the next step to improve your website performance.

There are many free and paid CDN services.

With 194 POPs (Points of Presence) across the globe, Cloudflare is among the most popular.

In this tutorial, I will recommend some of the Best Cloudflare Settings to get maximum optimisation and security advantage from Cloudflare.

I assume that you have already created an account with Cloudflare and connected your domain name.

If not yet, head over to Cloudflare creates an account to give a performance boost to your website.

Best Cloudflare Settings We Recommend

So, let us get started to optimize your Cloudflare settings.

Once you logged in to your Cloudflare account and click on the domain name you have added, you see the Overview Page.

In this Overview tab, you can see the summary of your domain’s performance, such as Analytics.

Quick Actions like Purge Cache, toggle Development Mode On and Off also presented here.

These are the Cloudflare Menu structure.

Now we are going to tap the Analytics tab.

Cloudflare Analytics

Analytics tab contains read-only data like Number of Requests Through Cloudflare, Unique Visitors you had in a timeframe, Web Traffic Requests by Country.

You don’t have any settings to update here.

Cloudflare DNS

DNS Management page in Cloudflare is one of the critical pages in your Cloudflare account.

All the DNS related settings are here.

You can add, modify and delete DNS zones such as A, CNAME, MX, TXT.

DNSSEC

DNSSEC protects against forged DNS answers.

DNSSEC protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner.

Enable DNSSEC

Cloudflare SSL/TLS

Cloudflare redesigned their SSL/TSL page recently.

You can now easily understand the different SSL/TLS encryption mode Cloudflare offers now.

This setting is under the Overview tab.

Select Full (strict)

Always Use HTTPS

This setting is now under Edge Certificates tab.

Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone.

On Always Use HTTPS

HTTP Strict Transport Security (HSTS)

Having an HSTS enforce web security policy for your website.

At Host My Website Online, we enable HSTS to all the domains serves through our network.

You may not enable HSTS in your Cloudflare account if your domain is hosted with us.

Enable HSTS

The Enable HSTS button will give you a Change HSTS Settings page.

These are the recommended settings.

Enable HSTS (Strict-Transport-Security)

Max Age Header (max-age): 12 months

Apply HSTS policy to subdomains (includeSubDomains)

Preload

No-Sniff Header

Minimum TLS Version

Only allow HTTPS connections from visitors that support the selected TLS protocol version or newer.

Major browsers such as IE 11, Opera Mini, UC Browser for Android won’t support TLS 1.3 as of now.

Unless you are sure that your visitors will only use modern browsers like Firefox, Chrome, Opera, I recommend you to switch to TLS 1.2.

TLS 1.2

Onion Routing

Onion Routing allows routing traffic from legitimate users on the Tor network through Cloudflare’s onion services rather than exit nodes.

Thereby improving the privacy of the users and enabling more fine-grained protection.

On Onion Routing

TLS 1.3

Enable the latest version of the TLS protocol for improved security and performance.

TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol.

SSL/TLS is the protocol that encrypts communication between users and your website.

By turning on the TLS 1.3 feature, traffic to and from your website will be served over the TLS 1.3 protocol when supported by clients.

So, you don’t need to worry about the compatibility issues.

On TLS 1.3

Automatic HTTPS Rewrites

Automatic HTTPS Rewrites helps fix mixed content by changing “http” to “https” for all resources or links on your web site that can be served with HTTPS.

On Automatic HTTPS Rewrites

Certificate Transparency Monitoring (Beta)

Receive an email when a Certificate Authority issues a certificate for your domain.

Certificate Transparency Monitoring is a Beta feature currently.

On Certificate Transparency Monitoring

Cloudflare Firewall

Under the Firewall menu, there are many security-related settings you can change.

Click on the Settings menu on the right side. There we can adjust the settings.

Security Level

Adjust your website’s Security Level to determine which visitors will receive a challenge page.

Cloudflare offers different Security Levels to stop threatening visitors.

The visitors will see this page up to five seconds.

The Security Level you choose will determine which visitors will be presented with a challenge page.

We recommend starting at Medium. If you are experiencing a DDoS attack or similar flood of useless traffic, switch to I’m Under Attack!

Medium

Bot Fight Mode

Challenge requests matching patterns of known bots before they can access your site.

Requests matching Cloudflare-identified, non-legitimate automated traffic patterns will be challenged or blocked by Cloudflare.

On Bot Fight Mode

Challenge Passage

Specify the length of time that a visitor, who has successfully completed a Captcha or JavaScript Challenge, can access your website.

When the configured timeout expires, the visitor will be issued a new challenge.

Start with 30 minutes and adjust based on your needs.

30 minutes

Browser Integrity Check

Evaluate HTTP headers from your visitor’s browser for threats. If a threat is found, a block page will be delivered.

On Browser Integrity Check

Privacy Pass Support

Privacy Pass is a browser extension developed by the Privacy Pass Team to improve the browsing experience for your visitors.

Enabling Privacy Pass will reduce the number of CAPTCHAs shown to your visitors.

On Privacy Pass Support

Cloudflare Speed

Under the Speed menu, we have Optimization and Browser Insights tab.

Let us now head over to the Optimization tab.

Auto Minify

Reduce the file size of source code on your website. Enable all of them.

JavaScript

CSS

HTML

Brotli

Speed up page load times for your visitor’s HTTPS traffic by applying Brotli compression.

On Brotli

Rocket Loader™

Improve the paint time for pages which include JavaScript.

Off this, if your website is hosted with us.

On Rocket Loader

Browser Insights

You can find out how fast your web pages load by enabling Browser Insights. This setting is under Browser Insights tab.

On Browser Insights

Cloudflare Caching

This page contains one of the magical settings.

You can manage caching settings for your website on this page.

Purge Cache

You can Clear cached files to force Cloudflare to fetch the new version of those files from your web server.

This is not settings you set and forgot. You may use this often.

Custom Purge will clear files selectively.

Purge Everything will clear all at once.

Caching Level

Determine how much of your website’s static content you want Cloudflare to cache. Increased caching can speed up page load time.

Select Standard

Browser Cache TTL

Determine the length of time Cloudflare instructs a visitor’s browser to cache files. During this period, the browser loads the files from its local cache, speeding up page loads.

Select 1 year

CSAM Scanning Tool (Beta)

The Child Sexual Abuse Material (CSAM) Scanning Tool allows website owners to proactively identify and take action on CSAM located on their website.

Enabling this service will alert you of any image files that match known CSAM and that have been uploaded to your website.

So you can take immediate action. CSAM Scanning Tool is beneficial when you allow visitors to upload contents to your websites.

CSAM Scanning Tool is currently in Beta.

On CSAM Scanning Tool

Always Online™

If your server goes down, Cloudflare will serve your website’s static pages from their cache.

On Always Online

Development Mode

You can temporarily bypass Cloudflare cache allowing you to see changes to your origin server in realtime.

Toggling Development Mode is helpful when you are actively developing or debugging your website.

Cloudflare Network

Here you can manage network settings for your website. This page is another crucial section that affects your performance, so please look carefully.

HTTP/2

Accelerates your website with HTTP/2.

On HTTP/2

HTTP/3 (with QUIC)

Accelerates HTTP requests by using QUIC, which provides encryption and performance improvements compared to TCP and TLS.

On HTTP/3 (with QUIC)

0-RTT Connection Resumption

Improves performance for clients who have previously connected to your website.

On 0-RTT Connection Resumption

IPv6 Compatibility

Enable IPv6 support and gateway.

On IPv6 Compatibility

WebSockets

Allow WebSockets connections to your origin server.

On WebSockets

IP Geolocation

Include the country code of the visitor location with all requests to your website.

On IP Geolocation

Cloudflare Scrape Shield

Cloudflare’s Scrape Shield protects content on your site.

Email Address Obfuscation

Display obfuscated email addresses on your website to prevent harvesting by bots and spammers, without visible changes to the address for human visitors.

On Email Address Obfuscation

Server-side Excludes

Automatically hide specific content from disreputable visitors.

On Server-side Excludes

That’s the end for this massive list of Cloudflare performance and security optimization.

If you have any questions, feel free to add them in the comments box below.

Want to See Your WordPress Website Loads in a Second?

We offer a 30 Day Money Back Guarantee, so joining is Risk Free

By Gifty Antony

Gifty is passionate about Web Development and connected with various communities. She loves WordPress.

Check Out These Related Posts

What Is a CDN? CDN Explained

What Is a CDN? CDN Explained

Mostly one server that physically placed in a data centre will be serving websites and apps that we interact with every day. But the website contents like images, HTML and CSS files, and other dynamically generated files still need to fly across the internet. Imagine,...

read more
How to Get CloudFlare Railgun FREE

How to Get CloudFlare Railgun FREE

Being a Cloudflare Optimized Partner, Host My Website Online is excited to offer the Cloudflare Railgun technology to all our customers for FREE. Railgun is Cloudflare's latest performance optimisation technology that gives you significant improvements in site load...

read more

Cloudflare Optimized Partner

Host My Website Online is excited to announce our partnership with Cloudflare, the website performance and security company. Cloudflare is a content delivery network (CDN) that increases the performance and security of every website on its system, protecting from...

read more

2 Comments

2 Comments
  1. Avatar

    How to combine Free Cloudlare with LScache?

    Reply
    • Avatar

      Hey Syams,

      There are no special requirements needed to work with Cloudflare + LSCache.

      LSCache works out of the box.

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *