aioflare

Manage Zone Security & Performance Settings

aioflare lets you view and change common Cloudflare security and speed settings for each zone β€” without opening the Cloudflare dashboard for every tweak. This guide explains how to open zone settings, what you can change, and what is view-only or managed elsewhere.

How to open zone settings

Two quick ways from the Zones page

  1. Go to the Zones page

    Open Zones from the sidebar. Find the domain (zone card) you want to manage.

  2. Open the zone sheet β€” option A: click the zone name

    Click the domain name on the zone card (under the account email). This opens the zone settings sheet as an overlay.

  3. Open the zone sheet β€” option B: use the menu

    Click the three dots (β‹―) on the top-right of the zone card, then choose Settings. This opens the same zone settings sheet.

  4. Open Security or Performance

    In the zone sheet, use the tabs at the top. Choose Security for HTTPS, TLS, and protection settings. Choose Performance for caching, protocols, and speed options.

  5. Load current values if needed

    If settings look empty, click Fetch Details at the top of the sheet. aioflare will load the latest values from Cloudflare.

Before you change anything

A short checklist so settings load and save correctly

  • Unlock encryption in aioflare if prompted β€” settings are stored securely and need your session unlocked.
  • Use Fetch Details once when you first open Security or Performance so aioflare syncs values from Cloudflare.
  • Read the short explanation on sensitive options (for example SSL/TLS mode) before confirming a change.

Configurable vs read-only β€” at a glance

Three simple categories

Not every Cloudflare setting works the same way in aioflare. Some you can turn on or off directly. Some are shown for information only because Cloudflare no longer allows changes through the API. Advanced firewall features are managed only in the Cloudflare dashboard.

You can change

Toggle or dropdown β€” saved to Cloudflare when you confirm.

View only

Shown for reference; the control is disabled or has no effect.

Cloudflare dashboard

Not available in aioflare β€” use dash.cloudflare.com for full control.

Security tab

HTTPS, TLS, attack protection, and browser security

Settings you can change

  • SSL/TLS encryption mode β€” Choose Automatic, Full (Strict), Full, Flexible, or Off. Affects how HTTPS works between visitors, Cloudflare, and your server.
  • Always Use HTTPS β€” Redirects HTTP visitors to HTTPS.
  • Automatic HTTPS Rewrites β€” Rewrites insecure http:// links in HTML to https://.
  • Opportunistic Encryption β€” Tells browsers your site supports encryption via Alt-Svc headers.
  • Minimum TLS version β€” Sets the oldest TLS version still allowed (1.0 through 1.3).
  • TLS 1.3 β€” Enables the newer, faster TLS version.
  • I'm Under Attack mode β€” Shows a challenge page to all visitors during an active attack. Turn off when the attack ends.
  • Bot Fight Mode β€” Challenges obvious automated bots. May affect monitoring or API clients.
  • Challenge Passage TTL β€” How long a visitor who passed a challenge can browse without being challenged again.
  • WAF (Web Application Firewall) β€” Turns managed WAF protection on or off. Requires a paid Cloudflare plan.
  • Browser Integrity Check β€” Blocks requests with headers often used by spam bots.
  • Email Address Obfuscation β€” Hides plain email addresses in HTML from scrapers.
  • Hotlink Protection β€” Stops other websites from hotlinking your images.

View only in aioflare

  • Security level (Always protected) β€” Cloudflare now protects zones automatically. The old Low / Medium / High slider is gone β€” aioflare shows the current status only.
  • Privacy Pass Support β€” Deprecated by Cloudflare. Shown for reference; changes have no effect.

Only in Cloudflare dashboard

  • Managed WAF rulesets (OWASP, Cloudflare Managed) β€” Configure in Cloudflare under Security β†’ WAF.
  • Custom firewall rules β€” Create and edit in Cloudflare under Security β†’ WAF β†’ Custom rules.
  • Rate limiting rules β€” Managed in the Cloudflare dashboard, not in aioflare.
  • IP Access / allow & block lists β€” Managed in the Cloudflare dashboard under Security.

Performance tab

Caching, protocols, compression, and image optimization

Settings you can change

  • Caching level β€” Standard, No Query String, or Ignore Query String β€” controls how URLs are cached.
  • Browser Cache TTL β€” How long visitors' browsers keep cached files.
  • Always Online β€” Serves a cached copy if your origin server is down.
  • HTTP/3 (QUIC) β€” Faster connections over QUIC where supported.
  • 0-RTT Connection Resumption β€” Reduces latency on repeat visits; use with care for non-idempotent requests.
  • WebSockets β€” Required for real-time apps (chat, live updates).
  • Pseudo IPv4 β€” Adds a header so IPv6-only origins can log IPv4-style addresses.
  • Early Hints (103) β€” Lets browsers preload resources sooner. Still experimental on some browsers.
  • Rocket Loader β€” Loads JavaScript asynchronously. Legacy feature β€” may break strict script order.

Paid plan required

  • Polish (image optimization) β€” Compresses images at the edge. Needs Cloudflare Pro, Business, or Enterprise.
  • Image Resizing β€” Resize images via URL parameters. Needs a paid Cloudflare plan.

View only in aioflare

  • HTTP/2 β€” Managed automatically by Cloudflare. You cannot turn it off in aioflare.
  • Brotli compression β€” Always on for all zones since 2024. Read-only here; use Compression Rules in Cloudflare for advanced control.

Deprecated β€” shown but may not work

  • Auto Minify (CSS, HTML, JavaScript) β€” Cloudflare removed this from the dashboard. Toggles may still appear but changes often have no effect.

Saving changes safely

What happens when you edit a setting

  • Important changes (for example SSL/TLS mode) show a confirmation dialog with a short explanation before they are sent to Cloudflare.
  • After you confirm, aioflare updates the setting through the Cloudflare API. A spinner shows while the save is in progress.
  • Use the orange Cloudflare path badge under each row to double-check the same setting in the official Cloudflare dashboard.

Cloudflare dashboard badges

How to verify a setting in Cloudflare

Each row can show a small orange badge such as SSL/TLS β†’ Edge Certificates. That is the menu path in the Cloudflare dashboard where you can verify the value matches what you see in aioflare.

Frequently asked questions

Common questions about zone Security and Performance

Why do I need Fetch Details?
aioflare loads zone settings on demand to save API calls. Fetch Details pulls the latest Security and Performance values from Cloudflare into the zone sheet.
Why is a setting read-only?
Cloudflare removed or locked some options (for example Brotli, HTTP/2, Privacy Pass). aioflare still displays them so you know the current state, but the API no longer accepts changes.
Why can't I enable WAF or Polish?
Some features need a paid Cloudflare plan on that zone. aioflare shows the control but keeps it disabled until your zone plan supports it.
Will changes affect my site immediately?
Yes β€” most settings apply as soon as Cloudflare accepts the update. For risky options like SSL/TLS mode, read the warning in the confirmation dialog first.

See also: How to Manage Redirect Rule