Request Header Transform Rules · Cloudflare Rules docs | Latest TMZ Celebrity News & Gossip | Watch TMZ Live Skip to content
Cloudflare Docs

Request Header Transform Rules

Use Request Header Transform Rules to manipulate the headers of HTTP requests sent to your origin server.

flowchart LR
accTitle: Header modifications diagram
accDescr: Header transform rules can change the headers sent to your origin server (request header modifications) or sent your your website visitors (response header modifications).

A[Visitor]
B((Cloudflare))
C[(Origin server)]

A -.-> B == "Includes request<br> header modifications" ==> C
C -.-> B -. "Includes response<br> header modifications" .-> A

style A stroke-width: 2px
style B stroke: orange,fill: orange,color: black
linkStyle 0,2,3 stroke-width: 1px
linkStyle 1 stroke-width: 3px

To modify HTTP headers in the response sent to website visitors, refer to Response Header Transform Rules.

Through Request Header Transform Rules you can:

  • Set the value of an HTTP request header to a literal string value, overwriting its previous value or adding a new header to the request.
  • Set the value of an HTTP request header according to an expression, overwriting its previous value or adding a new header to the request.
  • Remove an HTTP header from the request.

You can create a request header transform rule in the dashboard, via API, or using Terraform.

For more complex request header modifications, consider using Snippets.

Important remarks

  • You cannot modify or remove HTTP request headers whose name starts with x-cf- or cf- except for the cf-connecting-ip HTTP request header, which you can remove.

  • Due to protocol compliance reasons, modifying or removing request headers with forbidden header names (such as Accept-Encoding) is generally not allowed in Request Header Transform Rules.

  • You cannot modify the value of any header commonly used to identify the website visitor's IP address or initial protocol, such as x-forwarded-for, true-client-ip, x-real-ip, or x-forwarded-proto. Additionally, you cannot remove the x-forwarded-for and x-forwarded-proto headers.

  • You cannot set or modify the value of cookie HTTP request headers, but you can remove these headers. Configuring a rule that removes the cookie HTTP request header will remove all cookie headers in matching requests.

  • If you modify the value of an existing HTTP request header using an expression that evaluates to an empty string ("") or an undefined value, the HTTP request header is removed.

  • The HTTP request header removal operation will remove all request headers with the provided name.

  • Currently, there is a limited number of HTTP request headers that you cannot modify. Cloudflare may remove restrictions for some of these HTTP request headers when presented with valid use cases. Create a post in the community for consideration.

  • To use claims inside a JSON Web Token (JWT), you must first set up a token validation configuration in API Shield.

Troubleshooting

When troubleshooting Request Header Transform Rules, use Cloudflare Trace to determine if a rule is triggering for a specific URL.

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.