Cloudflare Platform Documentation
A comprehensive guide to securing, accelerating, and building on the Cloudflare global network. From free-tier DNS and CDN to enterprise-grade Zero Trust and edge computing.
Learning Path
1. Foundation
Start here to understand how Cloudflare sits between your users and your origin server.
- DNS and Domain Services — Authoritative DNS, 1.1.1.1 Resolver, Domain Registrar, and Email Routing
- SSL and Encryption — Universal SSL, TLS Modes, and Post-Quantum Cryptography
2. Performance & Protection
Master the core value of Cloudflare: make your site fast and keep it safe.
| Pillar | Module | Focus |
|---|---|---|
| Speed | CDN and Caching | Content Delivery, Cache Rules, and Speed Brain |
| Shield | DDoS Protection | L3/L4 and HTTP DDoS Mitigation |
| Guard | Application Security | Turnstile, Challenges, and Bot Fight Mode |
3. Zero Trust & Networking
Secure access to internal applications without a traditional VPN.
- Zero Trust and SASE — Access, Gateway, WARP Client, and Cloudflare Tunnel
4. Developer Platform
Build and deploy serverless applications at the edge.
- Cloudflare Pages — Comprehensive guide to Cloudflare Pages, Wrangler CLI, and API
- Cloudflare Workers — Comprehensive guide to the V8 Isolate edge compute platform
5. Insights & Management
Monitor traffic, configure rules, and manage your Cloudflare zones.
- Analytics and Observability — Traffic Analytics, Web Analytics, and Cloudflare Radar
- Traffic Control and Site Management — Rules, Ruleset Engine, and Notifications
- Miscellaneous Services — Zaraz, Time Services, and Randomness Beacon
6. Advanced Topics & Reference
Optimize performance, design architecture, and troubleshoot your setup.
- Performance Optimization — Advanced Caching, Protocols, and Browser Acceleration
- Strategy and Architecture — Edge-First, GitOps, and SaaS Patterns
- Troubleshooting and Monitoring — DNS/SSL Diagnostics and Worker Debugging
- Reference and Cheatsheet — Wrangler CLI, API, and Error Codes Reference
How Cloudflare Works
Cloudflare operates as a reverse proxy that sits between your visitors and your origin server. Every request passes through Cloudflare's global network (330+ cities), where it is inspected, cached, and accelerated before reaching your server.
flowchart LR
USER[Visitor] -->|HTTPS Request| CF_EDGE["Cloudflare Edge\n(Nearest PoP)"]
CF_EDGE -->|DDoS Check| WAF["Security Layer\n(WAF / Bot / DDoS)"]
WAF -->|Cache Hit?| CACHE["Cache Layer\n(CDN)"]
CACHE -->|Miss| ORIGIN["Your Origin Server"]
ORIGIN -->|Response| CACHE
CACHE -->|Optimized Response| USER
style CF_EDGE fill:#f6821f,color:#fff,stroke:#e5711e
style WAF fill:#c7402d,color:#fff,stroke:#a8331e
style CACHE fill:#2563eb,color:#fff,stroke:#1e40af
style ORIGIN fill:#6b7280,color:#fff,stroke:#4b5563
Free vs Paid at a Glance
| Category | Free Features | Paid-Only Features |
|---|---|---|
| DNS | Authoritative DNS, 1.1.1.1, DoH, DoT, Registrar, Email Routing | Internal DNS, Secondary DNS, DNS Firewall |
| SSL | Universal SSL, SSL/TLS, Post-Quantum Crypto | Advanced Certificate Manager, Key Transparency |
| CDN | CDN, Cache, Speed Brain | Smart Tiered Caching, Cache Reserve, Argo |
| DDoS | L3/L4 + HTTP DDoS Protection | Magic Transit |
| Security | Turnstile, Challenges, Super Bot Fight Mode | WAF, API Shield, Page Shield, Rate Limiting |
| Zero Trust | WARP Client, Cloudflare Tunnel, Access (limited), Gateway (limited) | Browser Isolation, DEX, Network Firewall |
| Compute | Workers, Pages, KV (limited), D1 (limited), Queues (limited), Secrets Store | Workers AI, Containers, R2, Vectorize |
| Analytics | Analytics, Web Analytics, Radar | GraphQL API, Log Explorer, Logpush |
| Rules | Rules, Ruleset Engine (limited), Notifications | Waiting Room, Health Checks |
| Misc | Zaraz (limited), Time Services, Randomness Beacon | — |
Quick Start
Add your site to Cloudflare (overview)
# 1. Sign up at https://dash.cloudflare.com/sign-up (free)
# 2. Add your domain — Cloudflare will scan existing DNS records
# 3. Update your domain's nameservers to the ones Cloudflare assigns:
# e.g. ns1.cloudflare.com / ns2.cloudflare.com
# 4. Wait for propagation (usually under 5 minutes, can take up to 24 hours)
# 5. Your site is now proxied through Cloudflare — SSL, CDN, and DDoS
# protection are active by default!
Prerequisites
- A registered domain name
- Access to your domain registrar's nameserver settings
- Basic understanding of DNS (A records, CNAME records)
Success Criteria
By the end of this documentation, you will be able to:
- Configure Cloudflare DNS and understand proxy mode vs DNS-only.
- Harden your site with free SSL, DDoS protection, and bot management.
- Set up Cloudflare Tunnel for secure, private access to internal services.
- Deploy serverless applications on Workers, Pages, D1, R2, and Workers AI.
- Optimize performance using modern protocols (HTTP/3) and advanced caching.
- Build edge-first architectures with GitOps deployment pipelines.
- Troubleshoot origin connectivity, SSL handshakes, and Worker exceptions.
- Monitor traffic with Cloudflare Analytics, Web Analytics, and Radar.