Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Global rules

Cloudflare Zero Trust applies a set of global rules to all accounts.

CriteriaValueActionDescription
Hostname*.cloudflareclient.combypassengage.cloudflareclient.com is used by client for registration. This policy ensures that customers cannot accidentally block themselves from making account changes.
Hostname*.assets.browser.runbypassDo not inspect assets.browser.run or *.assets.browser.run
Hostname*.cloudflare-gateway.combypassEnsure we bypass requests to cloudflare-gateway.com DNS endpoint
Hostname*.cloudflarestatus.combypassBypass cloudflarestatus.com so customers can reach the page in case of Gateway outage
Hostname*.net.cloudflare.combypassBypass *.nel.cloudflarestatus.com for Cloudflare’s network error logging feature
Hostnameclient.wns.windows.combypassTemp cert pinning global bypass
Hostnameapi.apple-cloudkit.combypassTemp cert pinning global bypass
Hostnamegateway.icloud.combypassTemp cert pinning global bypass
Hostname*.edge.browser.runisolateAnything bound for *.edge.browser.run needs to go the isolation browser
Hostnamehelp.teams.cloudflare.comallowZero Trust client will use this to check if Gateway is on by inspecting cert. Also will check if certificate is properly installed on client machine
Request HeaderAccept: text/htmlnoisolateBrowsers issue an Accept: header that begins with text/html. Do not isolate if we don’t see such a header because this is not a browser