/Integrations
v1.2Cloudflare
Validate Cloudflare security level, SSL mode, and launch-blocking zone settings.
Integration
Cloudflare
Confirms zone settings that can block launch traffic.
Cloudflare can block a launch without a single code change—Under Attack mode challenges real users, Flexible SSL creates redirect loops, and aggressive security levels break webhooks. PreFlight reads zone security level, SSL mode, and flags settings that commonly break production traffic before you flip DNS.
Requirements
- Cloudflare API token with Zone Read permissions
- Zone ID for the domain you are launching
- Production domain name managed in that zone
SSL mode matters
Use Full or Full (strict) SSL for production. Flexible SSL between Cloudflare and your origin is a common source of redirect loops and broken webhook delivery.
What PreFlight checks
| Probe | What it proves |
|---|---|
| Security level | Zone security level is not set to block legitimate launch traffic. |
| SSL mode | SSL termination mode is safe for production (Full or Full strict). |
| Under Attack mode | I'm Under Attack mode is flagged when it would challenge users or webhooks. |
| Redirect loop risk | Flexible SSL and mixed settings that cause loops are surfaced. |
Failure guidance
| Symptom | Fix |
|---|---|
| Under Attack enabled | Disable I'm Under Attack unless you are actively mitigating an attack. |
| Flexible SSL | Switch to Full or Full (strict) and ensure a valid origin certificate. |
| High security level | Lower security level during launch or allowlist webhook IP ranges. |
| Invalid token | Create a Zone Read token scoped to the correct account and zone. |
Dashboard setup
- Open Integrations → Cloudflare in your PreFlight project.
- Create an API token with Zone Read access and paste it with your Zone ID.
- Enter the production domain managed in that Cloudflare zone.
- Run Pre-Flight Check and resolve any SSL or security warnings.
