Cloudflare Glossary of Terms in Alpha Order
Here’s a complete alphabetical glossary of Cloudflare terms — organized A–Z, with concise yet technical definitions suitable for documentation or a white paper appendix.
A – Access
Cloudflare Access (part of Cloudflare Zero Trust) controls which users or identities can reach protected applications. It replaces traditional VPNs by enforcing identity-based rules (e.g., SSO, MFA) at Cloudflare’s edge.
A – Argo Smart Routing
A paid service that uses Cloudflare’s private backbone to route requests along the fastest and least-congested paths between data centers, improving latency and reliability.
A – API Shield
A set of features that protect and manage APIs at the edge, including mutual TLS (mTLS) authentication, schema validation, and API abuse mitigation.
B – Bot Management
A Cloudflare feature set that identifies, scores, and mitigates automated bot traffic using machine learning and behavioral analysis.
B – Browser Isolation
A Zero Trust feature that runs browser sessions on Cloudflare’s edge infrastructure so no untrusted code reaches local devices.
B – BYOIP (Bring Your Own IP)
Allows organizations to announce their own IP address ranges through Cloudflare’s network while retaining ownership, combining Cloudflare’s protection with existing IP allocations.
C – Cache
Temporary storage at Cloudflare’s edge for web content to reduce origin load and latency. Configurable via Cache Rules or HTTP headers.
C – CDN (Content Delivery Network)
Cloudflare’s globally distributed network that delivers cached content and absorbs DDoS attacks.
C – Certificate Transparency (CT)
Public logs of issued TLS certificates; Cloudflare uses CT monitoring to detect unauthorized certs for your domain.
C – Cloudflare Dashboard
The web interface for managing zones, DNS, security settings, tunnels, and analytics.
C – Cloudflare Tunnel (cloudflared)
A secure, outbound-only tunnel from an origin (like a Raspberry Pi) to Cloudflare’s edge. Removes the need for public IPs or port-forwarding and hides the origin behind Cloudflare’s network.
C – CNAME Flattening
A DNS feature that resolves CNAMEs at the root domain level, enabling use of CNAME records at the apex of a zone.
C – Custom Hostnames
Allows SaaS providers to serve customer domains via their own Cloudflare account using SSL for SaaS.
D – DDoS (Distributed Denial-of-Service) Protection
Automatic network- and application-layer protection built into Cloudflare’s edge to absorb and filter malicious traffic.
D – DNS (Domain Name System)
Cloudflare’s authoritative DNS service provides fast resolution, DNSSEC support, and integrated proxying through “orange-clouded” records.
D – DNSSEC (Domain Name System Security Extensions)
A cryptographic mechanism that protects against DNS spoofing by signing DNS records.
D – Durable Objects / Workers KV
Storage primitives for Cloudflare Workers that allow stateful or key-value data at the edge.
E – Edge Network
Cloudflare’s 300 + global data centers where traffic is processed, filtered, cached, and accelerated close to end users.
E – Email Routing
Cloudflare feature that forwards emails from your domain to existing inboxes without running a mail server.
F – Firewall Rules
Customizable rulesets applied at Cloudflare’s edge to allow, block, or challenge requests based on IP, headers, country, ASN, etc.
F – Full (Strict) SSL Mode
An HTTPS mode requiring a valid certificate on the origin server for end-to-end encryption between Cloudflare and origin.
G – Gateway
Part of Cloudflare Zero Trust; acts as a secure DNS/HTTP filtering layer for outbound connections from users or devices.
H – Health Checks
Probes used by Cloudflare Load Balancer to determine origin availability and route traffic to healthy servers.
H – HTTP/3 & QUIC
Modern transport protocols supported by Cloudflare to reduce latency and improve performance over UDP.
I – IP Reputation / Threat Intelligence
Cloudflare’s global intelligence that scores IPs based on malicious behavior, used by WAF and firewall rules.
I – Image Resizing / Polish
Cloudflare’s edge optimization services that compress, convert, and resize images dynamically for performance gains.
L – Load Balancer
A paid feature providing health-checked failover and traffic steering across multiple origins or tunnels at the DNS and HTTP layers.
L – Logpush / Logpull
Mechanisms for exporting detailed request logs from Cloudflare’s edge to external storage or SIEM tools.
M – Magic Transit / Magic WAN
Cloudflare’s L3/L4 network services that protect and accelerate entire IP subnets, extending DDoS protection beyond web traffic.
M – Magic Firewall
Cloudflare’s stateless packet-filtering firewall for on-prem or routed traffic under Magic Transit/WAN.
N – Nameservers
Cloudflare-managed authoritative servers responsible for resolving a domain’s DNS queries.
N – Network Error Logging (NEL)
A reporting mechanism that collects error telemetry from browsers for analytics and troubleshooting.
O – Origin Certificate
A TLS certificate issued by Cloudflare for use only between Cloudflare’s edge and the origin server, ensuring encrypted tunnel-to-origin communication.
O – Orange Cloud
The orange-colored proxy icon in the DNS dashboard indicating that Cloudflare’s proxy/CDN/WAF is active for that record.
P – Page Rules / Cache Rules / Transform Rules
Rule sets that define behaviors such as redirects, cache policies, header rewrites, and URL normalization.
P – Proxy Protocol
An optional header inserted by Cloudflare when forwarding TCP connections (via Spectrum or Tunnel) to convey the original client IP and port.
R – Railgun (legacy)
A WAN-optimization protocol (now largely superseded by Argo and standard compression) that accelerates dynamic content.
R – Rate Limiting
Feature that limits the number of requests from a client to protect APIs and applications against abuse.
R – Registrar
Cloudflare’s domain-registration service that charges wholesale cost and provides security-first registration management.
S – Spectrum
A paid Layer-4 reverse-proxy service for non-HTTP protocols (SSH, RDP, game servers, MQTT, etc.) with DDoS protection and acceleration.
S – SSL/TLS Modes
Connection security settings between visitors, Cloudflare, and the origin. Options include Off, Flexible, Full, and Full (Strict).
S – Stream
Cloudflare’s on-demand video streaming and encoding platform with edge delivery.
S – Super Bot Fight Mode
Simplified bot-protection interface available on Free/Pro plans.
T – Tiered Caching
A caching topology where regional Cloudflare data centers fetch from upper-tier data centers rather than the origin, reducing origin bandwidth.
T – Tunnel Replica
An additional instance of cloudflared connected to the same Tunnel for high availability or load distribution.
U – Under Attack Mode (IUAM)
A challenge mode that displays a JavaScript computation page to verify legitimate browsers during high-volume attacks.
U – Universal SSL
Automatic issuance and renewal of SSL certificates for all proxied hostnames on a Cloudflare zone.
W – WAF (Web Application Firewall)
Cloudflare’s rule engine that inspects HTTP traffic for malicious patterns (SQLi, XSS, etc.) and blocks or challenges them.
W – Warp / 1.1.1.1
Cloudflare’s consumer VPN and DNS resolver service; Warp routes device traffic through Cloudflare’s network for privacy and performance.
W – WebSockets
Real-time bidirectional connections supported through Cloudflare’s proxy.
W – Workers
Cloudflare’s serverless edge-compute platform that runs JavaScript, Rust, or WASM code in isolated V8 environments close to users.
W – Workers KV / R2
Key-value and object storage systems for Workers, enabling persistent data at the edge.
Z – Zero Trust Platform
Cloudflare’s unified suite (Access, Gateway, Browser Isolation, DLP, CASB) that secures users, applications, and networks based on identity, device posture, and policies rather than perimeter firewalls.
Here’s a complete alphabetical glossary of Cloudflare terms — organized A–Z, with concise yet technical definitions suitable for documentation or a white paper appendix.
Cloudflare Glossary (A–Z)
A – Access
Cloudflare Access (part of Cloudflare Zero Trust) controls which users or identities can reach protected applications. It replaces traditional VPNs by enforcing identity-based rules (e.g., SSO, MFA) at Cloudflare’s edge.
A – Argo Smart Routing
A paid service that uses Cloudflare’s private backbone to route requests along the fastest and least-congested paths between data centers, improving latency and reliability.
A – API Shield
A set of features that protect and manage APIs at the edge, including mutual TLS (mTLS) authentication, schema validation, and API abuse mitigation.
B – Bot Management
A Cloudflare feature set that identifies, scores, and mitigates automated bot traffic using machine learning and behavioral analysis.
B – Browser Isolation
A Zero Trust feature that runs browser sessions on Cloudflare’s edge infrastructure so no untrusted code reaches local devices.
B – BYOIP (Bring Your Own IP)
Allows organizations to announce their own IP address ranges through Cloudflare’s network while retaining ownership, combining Cloudflare’s protection with existing IP allocations.
C – Cache
Temporary storage at Cloudflare’s edge for web content to reduce origin load and latency. Configurable via Cache Rules or HTTP headers.
C – CDN (Content Delivery Network)
Cloudflare’s globally distributed network that delivers cached content and absorbs DDoS attacks.
C – Certificate Transparency (CT)
Public logs of issued TLS certificates; Cloudflare uses CT monitoring to detect unauthorized certs for your domain.
C – Cloudflare Dashboard
The web interface for managing zones, DNS, security settings, tunnels, and analytics.
C – Cloudflare Tunnel (cloudflared)
A secure, outbound-only tunnel from an origin (like a Raspberry Pi) to Cloudflare’s edge. Removes the need for public IPs or port-forwarding and hides the origin behind Cloudflare’s network.
C – CNAME Flattening
A DNS feature that resolves CNAMEs at the root domain level, enabling use of CNAME records at the apex of a zone.
C – Custom Hostnames
Allows SaaS providers to serve customer domains via their own Cloudflare account using SSL for SaaS.
D – DDoS (Distributed Denial-of-Service) Protection
Automatic network- and application-layer protection built into Cloudflare’s edge to absorb and filter malicious traffic.
D – DNS (Domain Name System)
Cloudflare’s authoritative DNS service provides fast resolution, DNSSEC support, and integrated proxying through “orange-clouded” records.
D – DNSSEC (Domain Name System Security Extensions)
A cryptographic mechanism that protects against DNS spoofing by signing DNS records.
D – Durable Objects / Workers KV
Storage primitives for Cloudflare Workers that allow stateful or key-value data at the edge.
E – Edge Network
Cloudflare’s 300 + global data centers where traffic is processed, filtered, cached, and accelerated close to end users.
E – Email Routing
Cloudflare feature that forwards emails from your domain to existing inboxes without running a mail server.
F – Firewall Rules
Customizable rulesets applied at Cloudflare’s edge to allow, block, or challenge requests based on IP, headers, country, ASN, etc.
F – Full (Strict) SSL Mode
An HTTPS mode requiring a valid certificate on the origin server for end-to-end encryption between Cloudflare and origin.
G – Gateway
Part of Cloudflare Zero Trust; acts as a secure DNS/HTTP filtering layer for outbound connections from users or devices.
H – Health Checks
Probes used by Cloudflare Load Balancer to determine origin availability and route traffic to healthy servers.
H – HTTP/3 & QUIC
Modern transport protocols supported by Cloudflare to reduce latency and improve performance over UDP.
I – IP Reputation / Threat Intelligence
Cloudflare’s global intelligence that scores IPs based on malicious behavior, used by WAF and firewall rules.
I – Image Resizing / Polish
Cloudflare’s edge optimization services that compress, convert, and resize images dynamically for performance gains.
L – Load Balancer
A paid feature providing health-checked failover and traffic steering across multiple origins or tunnels at the DNS and HTTP layers.
L – Logpush / Logpull
Mechanisms for exporting detailed request logs from Cloudflare’s edge to external storage or SIEM tools.
M – Magic Transit / Magic WAN
Cloudflare’s L3/L4 network services that protect and accelerate entire IP subnets, extending DDoS protection beyond web traffic.
M – Magic Firewall
Cloudflare’s stateless packet-filtering firewall for on-prem or routed traffic under Magic Transit/WAN.
N – Nameservers
Cloudflare-managed authoritative servers responsible for resolving a domain’s DNS queries.
N – Network Error Logging (NEL)
A reporting mechanism that collects error telemetry from browsers for analytics and troubleshooting.
O – Origin Certificate
A TLS certificate issued by Cloudflare for use only between Cloudflare’s edge and the origin server, ensuring encrypted tunnel-to-origin communication.
O – Orange Cloud
The orange-colored proxy icon in the DNS dashboard indicating that Cloudflare’s proxy/CDN/WAF is active for that record.
P – Page Rules / Cache Rules / Transform Rules
Rule sets that define behaviors such as redirects, cache policies, header rewrites, and URL normalization.
P – Proxy Protocol
An optional header inserted by Cloudflare when forwarding TCP connections (via Spectrum or Tunnel) to convey the original client IP and port.
R – Railgun (legacy)
A WAN-optimization protocol (now largely superseded by Argo and standard compression) that accelerates dynamic content.
R – Rate Limiting
Feature that limits the number of requests from a client to protect APIs and applications against abuse.
R – Registrar
Cloudflare’s domain-registration service that charges wholesale cost and provides security-first registration management.
S – Spectrum
A paid Layer-4 reverse-proxy service for non-HTTP protocols (SSH, RDP, game servers, MQTT, etc.) with DDoS protection and acceleration.
S – SSL/TLS Modes
Connection security settings between visitors, Cloudflare, and the origin. Options include Off, Flexible, Full, and Full (Strict).
S – Stream
Cloudflare’s on-demand video streaming and encoding platform with edge delivery.
S – Super Bot Fight Mode
Simplified bot-protection interface available on Free/Pro plans.
T – Tiered Caching
A caching topology where regional Cloudflare data centers fetch from upper-tier data centers rather than the origin, reducing origin bandwidth.
T – Tunnel Replica
An additional instance of cloudflared connected to the same Tunnel for high availability or load distribution.
U – Under Attack Mode (IUAM)
A challenge mode that displays a JavaScript computation page to verify legitimate browsers during high-volume attacks.
U – Universal SSL
Automatic issuance and renewal of SSL certificates for all proxied hostnames on a Cloudflare zone.
W – WAF (Web Application Firewall)
Cloudflare’s rule engine that inspects HTTP traffic for malicious patterns (SQLi, XSS, etc.) and blocks or challenges them.
W – Warp / 1.1.1.1
Cloudflare’s consumer VPN and DNS resolver service; Warp routes device traffic through Cloudflare’s network for privacy and performance.
W – WebSockets
Real-time bidirectional connections supported through Cloudflare’s proxy.
W – Workers
Cloudflare’s serverless edge-compute platform that runs JavaScript, Rust, or WASM code in isolated V8 environments close to users.
W – Workers KV / R2
Key-value and object storage systems for Workers, enabling persistent data at the edge.
Z – Zero Trust Platform
Cloudflare’s unified suite (Access, Gateway, Browser Isolation, DLP, CASB) that secures users, applications, and networks based on identity, device posture, and policies rather than perimeter firewalls.
