Snippets examples

Refer to the following examples to get started creating your snippet code.

Refer to How it works and Create a snippet in the dashboard for overall guidance.

22 examples

• A/B testing with same-URL direct access
  Set up an A/B test by controlling what response is served based on cookies.
• Append dates to cookies to use with A/B testing
  Dynamically set a cookie expiration and test group.
• Auth with headers
  Allow or deny a request based on a known pre-shared key in a header. This is not meant to replace the WebCrypto API.
• Bulk redirect based on a map object
  Redirect requests to certain URLs based on a mapped object to the request’s URL.
• Country code redirect
  Redirect a response based on the country code in the header of a visitor.
• Debugging logs
  Send debugging information in an errored response to a logging service.
• Define CORS headers
  Adjust Cross-Origin Resource Sharing (CORS) Open external link headers and handle preflight requests.
• Override a Set-Cookie header with a certain value
  Get a specific Set-Cookie header and update it with a certain value.
• Redirect 403 Forbidden to a different page
  If origin responded with 403 Forbidden error code, redirect to different page.
• Redirect from one domain to another
  Redirect all requests from one domain to another domain.
• Remove fields from API response
  If origin responds with JSON, parse the response and delete fields to return a modified response.
• Remove query strings before sending request to origin
  Remove certain query strings from a request before passing to the origin.
• Remove response headers
  Remove from response all headers that start with a certain name.
• Return information about the incoming request
  Respond with information about the incoming request provided by Cloudflare’s global network.
• Route to a different origin based on origin response
  If response to the original request is not 200 OK or a redirect, send to another origin.
• Send Bot Management information to origin
  Send Bots information to your origin. Refer to Bot Managenent variables for a full list of available fields.
• Send suspect bots to a honeypot
  Use the bot score field to send bots to a honeypot.
• Send timestamp to origin as a custom header
  Convert timestamp to hexadecimal format and send it as a custom header to the origin.
• Set security headers
  Set common security headers such as X-XSS-Protection, X-Frame-Options, and X-Content-Type-Options.
• Sign requests
  Verify a signed request using the HMAC and SHA-256 algorithms or return a 403.
• Slow down suspicious requests
  Define a delay to be used when incoming requests match a rule you consider suspicious.
• Validate JSON web tokens (JWT)
  Extract the JWT token from a header, decode it, and implement validation checks to verify it.