---
title: Network settings
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/index.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# Network settings

Manage network settings for your website.

 Available on all plans 

---

## Features

### IP Geolocation

Include the country code of the visitor location with all requests to your website.

[ Use IP Geolocation ](https://developers.cloudflare.com/network/ip-geolocation/) 

### IPv6 Compatibility

Enable IPv6 support and gateway.

[ Use IPv6 Compatibility ](https://developers.cloudflare.com/network/ipv6-compatibility/) 

### WebSockets

Allow WebSockets connections to your origin server.

[ Use WebSockets ](https://developers.cloudflare.com/network/websockets/) 

---

## Related products

**[China Network](https://developers.cloudflare.com/china-network/)** 

The Cloudflare China Network is a package of selected Cloudflare’s performance and security products running on data centers located in mainland China and operated by Cloudflare’s partner JD Cloud.

**[Managed Transforms](https://developers.cloudflare.com/rules/transform/managed-transforms/)** 

Managed Transforms allow you to perform common adjustments to HTTP request and response headers with the click of a button.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}}]}
```

---

---
title: gRPC connections
description: Cloudflare offers support for gRPC to protect your APIs on any proxied gRPC endpoints. The gRPC protocol helps build efficient APIs with smaller payloads for reduced bandwidth usage, decreased latency, and faster implementations.
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/grpc-connections.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# gRPC connections

Cloudflare offers support for gRPC to protect your APIs on any [proxied gRPC endpoints](https://developers.cloudflare.com/dns/proxy-status/). The gRPC protocol helps build efficient APIs with smaller payloads for reduced bandwidth usage, decreased latency, and faster implementations.

Note

When gRPC is not enabled on a zone, Cloudflare will respond to gRPC requests with a `403 Forbidden` response.

## Availability

| Free         | Pro | Business | Enterprise |     |
| ------------ | --- | -------- | ---------- | --- |
| Availability | Yes | Yes      | Yes        | Yes |

Charges may occur for gRPC traffic over add-on products such as [Argo Smart Routing](https://developers.cloudflare.com/argo-smart-routing/), [WAF](https://developers.cloudflare.com/waf/), and [Bot Management](https://developers.cloudflare.com/bots/).

## Limitations

Running gRPC traffic on Cloudflare is compatible with most Cloudflare products.

However, the following products have limited capabilities with gRPC requests:

* The [Cloudflare WAF](https://developers.cloudflare.com/waf/) will only run for header inspection during the connection phase. WAF Managed Rules will not run on the content of a gRPC stream.
* Cloudflare Tunnel supports gRPC traffic via [private subnet routing](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/). Public hostname deployments are not currently supported.
* [Cloudflare Access](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) does not support gRPC traffic sent through Cloudflare’s reverse proxy. gRPC traffic will be ignored by Access if gRPC is enabled in Cloudflare. We recommend disabling gRPC for any sensitive origin servers protected by Access or enabling another means of authenticating gRPC traffic to your origin servers.

## Enable gRPC

### Requirements

* Your gRPC endpoint must listen on port 443.
* Your gRPC endpoint must support TLS and HTTP/2.
* HTTP/2 must be advertised over ALPN.
* Use `application/grpc` or `application/grpc+<message type` (for example: `application/grpc+proto`) for the **Content-Type** header of gRPC requests.
* Make sure that the hostname that hosts your gRPC endpoint:  
   * Is set to [proxied](https://developers.cloudflare.com/dns/proxy-status/)  
   * Uses at least the [Full SSL/TLS encryption mode](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full/).

### Procedure

To change the **gRPC** setting in the dashboard:

1. Log in to your [Cloudflare account ↗](https://dash.cloudflare.com) and go to a specific domain.
2. Go to **Network**.
3. For **gRPC**, switch the toggle to **On**.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/grpc-connections/","name":"gRPC connections"}}]}
```

---

---
title: IP geolocation
description: IP geolocation adds the CF-IPCountry header to all requests to your origin server.
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

### Tags

[ Geolocation ](https://developers.cloudflare.com/search/?tags=Geolocation) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/ip-geolocation.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# IP geolocation

IP geolocation adds the [CF-IPCountry header](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-ipcountry) to all requests to your origin server.

Cloudflare automatically updates its IP geolocation database multiple times per week.

## Availability

| Free         | Pro | Business | Enterprise |     |
| ------------ | --- | -------- | ---------- | --- |
| Availability | Yes | Yes      | Yes        | Yes |

## Add IP geolocation information

The recommended procedure to enable IP geolocation information is to [enable the **Add visitor location headers** Managed Transform](https://developers.cloudflare.com/rules/transform/managed-transforms/reference/#add-visitor-location-headers). This Managed Transform adds HTTP request headers with location information for the visitor's IP address, such as city, country, continent, longitude, and latitude.

If you only want the request header for the visitor's country, you can enable **IP Geolocation**.

* [ Dashboard ](#tab-panel-5409)
* [ API ](#tab-panel-5410)

To enable **IP Geolocation** in the dashboard:

1. Log in to your [Cloudflare account ↗](https://dash.cloudflare.com) and go to a specific domain.
2. Go to **Network**.
3. For **IP Geolocation**, switch the toggle to **On**.

To enable **IP Geolocation** with the API, send a [PATCH](https://developers.cloudflare.com/api/resources/zones/subresources/settings/methods/edit/) request with `ip_geolocation` as the setting name in the URI path, and the `value` parameter set to `"on"`.

Note

In order to use this data, you will need to then retrieve it from the [CF-IPCountry header](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-ipcountry).

---

## Report an incorrect IP location

If you find an IP address with a location that you believe is incorrect, fill in the [data correction form ↗](https://www.cloudflare.com/lp/ip-corrections/) with the relevant IP address range(s) along with the correct information as applicable (country, state/province, city name, and ZIP code).

If the data is confirmed, Cloudflare will make the necessary changes, which should be reflected within 48 hours.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/ip-geolocation/","name":"IP geolocation"}}]}
```

---

---
title: IPv6 compatibility
description: Cloudflare enables IPv6 on all domains without requiring additional configuration or hardware (as long as your host provides IPv6 support).
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

### Tags

[ IPv6 ](https://developers.cloudflare.com/search/?tags=IPv6) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/ipv6-compatibility.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# IPv6 compatibility

Cloudflare enables IPv6 on all domains without requiring additional configuration or hardware (as long as your host provides IPv6 support).

When IPv6 compatibility is turned on, Cloudflare auto generates [AAAA DNS records](https://developers.cloudflare.com/dns/manage-dns-records/reference/dns-record-types/#a-and-aaaa) to allow IPv6 clients to connect. On the other hand, when IPv6 compatibility is turned off, Cloudflare does not automatically generate and advertise `AAAA` DNS for the zone. Client software will determine whether to use IPv4 or IPv6 to connect to a hostname that supports both methods.

For [proxied DNS records](https://developers.cloudflare.com/dns/proxy-status/) that have both an IPv6 and IPv4 origin address, Cloudflare will prefer the IPv4 address when connecting to your origin server.

## Availability

| Free          | Pro | Business | Enterprise |     |
| ------------- | --- | -------- | ---------- | --- |
| Availability  | Yes | Yes      | Yes        | Yes |
| Can customize | No  | No       | No         | Yes |

## Enable IPv6 compatibility

By default, IPv6 compatibility is turned on for your domain and will apply to all domains and subdomains covered by [proxied DNS records](https://developers.cloudflare.com/dns/proxy-status/).

Note

If you have signed up for Cloudflare through a [Cloudflare hosting partner ↗](http://www.cloudflare.com/hosting-partners) or by use [partial setup](https://developers.cloudflare.com/dns/zone-setups/partial-setup/), IPv6 compatibility does not apply to your apex domain.

## Disable IPv6 compatibility

If your origin web server only understands IPv4 formatted IP addresses, non-Enterprise customers should [configure Pseudo IPv4](https://developers.cloudflare.com/network/pseudo-ipv4/).

Alternatively, customers with an Enterprise account can turn off Cloudflare's IPv6 compatibility.

Note

To allow IPv6-only clients to connect to IPv4-only origin web servers, keep IPv6 compatibility enabled and configure [Pseudo IPv4](https://developers.cloudflare.com/network/pseudo-ipv4/).

* [ Dashboard ](#tab-panel-5411)
* [ API ](#tab-panel-5412)

To turn off IPv6 compatibility in the dashboard:

1. In the Cloudflare dashboard, go to the **Network** page.  
[ Go to **Network** ](https://dash.cloudflare.com/?to=/:account/:zone/network)
2. Turn off **IPv6 Compatibility**.

To turn off IPv6 compatibility using the API, send a [PATCH](https://developers.cloudflare.com/api/resources/zones/subresources/settings/methods/edit/) request with `ipv6` as the setting name in the URI path, and the `value` parameter set to `"off"`.

Note

Even when IPv6 is turned off, domains may still receive IPv6 traffic (for example, via the Tor network). To completely turn off all IPv6 traffic:

* Turn off [**Onion Routing**](https://developers.cloudflare.com/network/onion-routing/).
* Use a [WAF custom rule](https://developers.cloudflare.com/waf/custom-rules/create-dashboard/) to block `0:0:0:0:0:0:0:0/0` using the condition `ip.src in {::/0}`.
* Add `and cf.worker.upstream_zone == ""` to the rule above to avoid blocking Workers subrequests. Workers subrequests use IPv6 addresses, and this condition checks that the request does not come from a Worker script. For more information, refer to the [cf.worker.upstream\_zone](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.worker.upstream%5Fzone/) field documentation.

---

## Troubleshoot an IPv6 network issue

Provide the following information to [Cloudflare Support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) if you experience issues with IPv6 connectivity:

* A [traceroute](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#perform-a-traceroute) that demonstrates the IPv6 connection issues.
* The [Cloudflare data center serving your request](https://developers.cloudflare.com/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#identify-the-cloudflare-data-center-serving-your-request) when the IPv6 issues occur.
* Confirmation of whether [disabling IPv6 Compatibility](#disable-ipv6-compatibility) resolves the issue.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/ipv6-compatibility/","name":"IPv6 compatibility"}}]}
```

---

---
title: Maximum upload size
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/maximum-upload-size.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# Maximum upload size

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/maximum-upload-size/","name":"Maximum upload size"}}]}
```

---

---
title: Onion Routing and Tor support
description: Improve the Tor user experience by enabling Onion Routing, which enables Cloudflare to serve your website’s content directly through the Tor network and without requiring exit nodes.
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/onion-routing.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# Onion Routing and Tor support

Improve the Tor user experience by enabling Onion Routing, which enables Cloudflare to serve your website’s content directly through the Tor network and without requiring exit nodes.

## Availability

| Free         | Pro | Business | Enterprise |     |
| ------------ | --- | -------- | ---------- | --- |
| Availability | Yes | Yes      | Yes        | Yes |

## How it works

Onion Routing helps improve Tor browsing as follows:

* Tor users no longer access your site via exit nodes, which can sometimes be compromised, and may snoop on user traffic.
* Human Tor users and bots can be distinguished by our Onion services, such that interactive challenges are only served to malicious bot traffic.

[Tor Browser ↗](https://tb-manual.torproject.org/about/) users receive an [alt-svc header ↗](https://httpwg.org/specs/rfc7838.html#alt-svc) as part of the response to the first request to your website. The browser then creates a Tor Circuit to access this website using the `.onion` TLD service provided by this header.

You should note that the visible domain in the user interface remains unchanged, as the host header and the SNI are preserved. However, the underlying connection changes to be routed through Tor, as the [UI denotes on the left of the address bar ↗](https://tb-manual.torproject.org/managing-identities/#managing-identities) with a Tor Circuit. Cloudflare does not provide a certificate for the `.onion` domain provided as part of alt-svc flow, which therefore cannot be accessed via HTTPS.

## Enable Onion Routing

* [ Dashboard ](#tab-panel-5413)
* [ API ](#tab-panel-5414)

To enable **Onion Routing** in the dashboard:

1. In the Cloudflare dashboard, go to the **Network** page.  
[ Go to **Network** ](https://dash.cloudflare.com/?to=/:account/:zone/network)
2. For **Onion Routing**, switch the toggle to **On**.

To enable **Onion Routing** with the API, send a [PATCH](https://developers.cloudflare.com/api/resources/zones/subresources/settings/methods/edit/) request with `opportunistic_onion` as the setting name in the URI path, and the `value` parameter set to `"on"`.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/onion-routing/","name":"Onion Routing and Tor support"}}]}
```

---

---
title: Pseudo IPv4
description: Cloudflare customers can use Pseudo IPv4 if their origin web server only understands IPv4 formatted IP addresses (meaning it would not support Cloudflare's default IPv6 compatibility).
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/pseudo-ipv4.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# Pseudo IPv4

Cloudflare customers can use **Pseudo IPv4** if their origin web server only understands IPv4 formatted IP addresses (meaning it would not support Cloudflare's default [IPv6 compatibility](https://developers.cloudflare.com/network/ipv6-compatibility/)).

Note

To allow IPv6-only clients to connect to IPv4-only origin web servers, keep [IPv6 compatibility](https://developers.cloudflare.com/network/ipv6-compatibility/) enabled and configure Pseudo IPv4.

## Availability

| Free         | Pro | Business | Enterprise |     |
| ------------ | --- | -------- | ---------- | --- |
| Availability | Yes | Yes      | Yes        | Yes |

## Background

Some older origin server analytics and fraud detection software expect IP addresses in an IPv4 format and do not support IPv6 addresses.

**Pseudo IPv4** uses the [Class E IPv4 address space ↗](https://tools.ietf.org/html/rfc1112#section-4) to provide as many unique IPv4 addresses corresponding to IPv6 addresses as possible.

* Example Class E IPv4 address: `240.16.0.1`
* Example IPv6 address: `2400:cb00:f00d:dead:beef:1111:2222:3333`

Note

Class E IPv4 addresses are designated as experimental and are not used for production Internet traffic.

## Configure Pseudo IPv4

Cloudflare offers three options for configuring **Pseudo IPv4**:

* **Off**: Default value.
* **Add Header**: Cloudflare automatically adds the `Cf-Pseudo-IPv4` header with a Class E IPv4 address hashed from the original IPv6 address.
* **Overwrite Headers**:  
If **Pseudo IPv4** is set to `Overwrite Headers` \- Cloudflare overwrites the existing `Cf-Connecting-IP` and `X-Forwarded-For` headers with a pseudo IPv4 address while preserving the real IPv6 address in `CF-Connecting-IPv6` header.

Note

When using _Overwrite Headers_, no software changes are necessary in your origin web server.

To configure **Pseudo IPv4**:

* [ Dashboard ](#tab-panel-5415)
* [ API ](#tab-panel-5416)

To change the **Pseudo IPv4** setting in the dashboard:

1. In the Cloudflare dashboard, go to the **Network** page.  
[ Go to **Network** ](https://dash.cloudflare.com/?to=/:account/:zone/network)
2. For **Pseudo IPv4**, choose your desired setting.

To change **Pseudo IPv4** with the API, send a [PATCH](https://developers.cloudflare.com/api/resources/zones/subresources/settings/methods/edit/) request with `pseudo_ipv4` as the setting name in the URI path, and the `value` parameter set to your desired value: `"off"`, `"add_header"`, or `"overwrite_header"`.

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/pseudo-ipv4/","name":"Pseudo IPv4"}}]}
```

---

---
title: Understanding the True-Client-IP Header
description: Enabling the True-Client-IP Header adds the True-Client-IP header to all requests to your origin server, which includes the end user's IP address.
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/true-client-ip-header.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# Understanding the True-Client-IP Header

Enabling the True-Client-IP Header adds the [True-Client-IP header](https://developers.cloudflare.com/fundamentals/reference/http-headers/#true-client-ip-enterprise-plan-only) to all requests to your origin server, which includes the end user's IP address.

## Availability

| Free         | Pro | Business | Enterprise |     |
| ------------ | --- | -------- | ---------- | --- |
| Availability | No  | No       | No         | Yes |

## Add True-Client-IP Header

The recommended procedure to access client IP information is to [enable the **Add "True-Client-IP" header** Managed Transform](https://developers.cloudflare.com/rules/transform/managed-transforms/reference/#add-true-client-ip-header).

Note

To use this data, you will need to then retrieve it from the [True-Client-IP header](https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-ipcountry).

## Additional resources

For additional guidance on using True-Client-IP Header with Cloudflare, refer to the following resources:

* [Available Managed Transforms](https://developers.cloudflare.com/rules/transform/managed-transforms/reference/#add-true-client-ip-header)
* [Cloudflare HTTP headers](https://developers.cloudflare.com/fundamentals/reference/http-headers/#true-client-ip-enterprise-plan-only)
* [Restoring original visitor IPs](https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/)

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/true-client-ip-header/","name":"Understanding the True-Client-IP Header"}}]}
```

---

---
title: WebSockets
description: Cloudflare supports proxied WebSocket connections without additional configuration.
image: https://developers.cloudflare.com/core-services-preview.png
---

[Skip to content](#%5Ftop) 

Was this helpful?

YesNo

[ Edit page ](https://github.com/cloudflare/cloudflare-docs/edit/production/src/content/docs/network/websockets.mdx) [ Report issue ](https://github.com/cloudflare/cloudflare-docs/issues/new/choose) 

Copy page

# WebSockets

Cloudflare supports proxied WebSocket connections without additional configuration.

## Background

WebSockets are open connections sustained between the client and the origin server. Inside a WebSockets connection, the client and the origin can pass data back and forth without having to reestablish sessions. This makes exchanging data within a WebSockets connection fast. WebSockets are often used for real-time applications such as live chat and gaming.

## Enable WebSockets

* [ Dashboard ](#tab-panel-5417)
* [ API ](#tab-panel-5418)

To enable **WebSockets** connections to your origin server in the dashboard:

1. In the Cloudflare dashboard, go to the **Network** page.  
[ Go to **Network** ](https://dash.cloudflare.com/?to=/:account/:zone/network)
2. For **WebSockets**, switch the toggle to **On**.

To enable **WebSockets** connections to your origin server with the API, send a [PATCH](https://developers.cloudflare.com/api/resources/zones/subresources/settings/methods/edit/) request with `websockets` as the setting name in the URI path, and the `value` parameter set to `"on"`.

## Compatibility notes

| Product                                                                   | Compatible | Notes                                                                                                                                                                                                                                                            |
| ------------------------------------------------------------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Argo](https://developers.cloudflare.com/argo-smart-routing/)             | No         | Argo is not compatible with WebSockets.                                                                                                                                                                                                                          |
| [SSL](https://developers.cloudflare.com/ssl/)                             | Yes        |                                                                                                                                                                                                                                                                  |
| [WAF](https://developers.cloudflare.com/waf/)                             | Yes\*      | The initial HTTP 101 request is subject to WAF managed rules, custom rules, rate limiting rules, and other WAF features like any other WebSockets connection. However, once a connection has been established, the WAF does not perform any further inspections. |
| [Workers](https://developers.cloudflare.com/workers/examples/websockets/) | Yes        | You can also use [Durable Objects](https://developers.cloudflare.com/durable-objects/) as an endpoint for WebSocket sessions, giving you full control over messages sent to and from clients.                                                                    |

Note

Cloudflare also supports [ASP.NET SignalR ↗](http://signalr.net/), which helps negotiate which transport method to use (long polling or WebSockets).

## Availability

WebSockets are supported on all Cloudflare plans.

## Requests and Bandwidth measurement

Given the nature of WebSocket connections, you may notice they differ from typical HTTP traffic in terms of requests and bandwidth usage. If you are an Enterprise customer, it is important to consider how Cloudflare measures requests and bandwidth to accurately estimate your usage.

Cloudflare measures a single WebSocket connection in the following way:

* **Requests**: Cloudflare recognizes only the initial upgrade request per WebSocket connection as an HTTP request. Even though you can send a bidirectional message stream through the established WebSocket connection, it will be counted as a single long-lived HTTP request.
* **Bandwidth**: Cloudflare measures data transfer sent from Cloudflare to the client. This typically means that messages from the WebSocket server behind Cloudflare to the WebSocket client are counted towards bandwidth usage.

Once a WebSocket connection is closed, you can view your aggregated WebSocket usage through [Traffic Analytics](https://developers.cloudflare.com/analytics/account-and-zone-analytics/zone-analytics/#traffic), the [GraphQL Analytics API](https://developers.cloudflare.com/analytics/graphql-api/), and [HTTP requests logs](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/zone/http%5Frequests/).

## Technical note

When Cloudflare releases new code to its global network, we may restart servers, which terminates WebSockets connections.

### Best practices

* Implement a [keepalive ↗](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets%5FAPI/Writing%5FWebSocket%5Fservers#pings%5Fand%5Fpongs%5Fthe%5Fheartbeat%5Fof%5Fwebsockets).
* Review and then remove or extend timeout settings on the origin and/or on the client.

### Troubleshooting

Investigating issues with Websocket can be facilitated with client tools like [wscat ↗](https://github.com/websockets/wscat). Being able to reproduce an issue on a single URL with a minimalistic tool helps narrowing down the issue.

The `EdgeStartTimestamp` and `EdgeStopTimestamp` fields in [HTTP requests logs](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/zone/http%5Frequests/) represent the duration of the WebSocket connection (they do not represent the initial HTTP connection).

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network/","name":"Network"}},{"@type":"ListItem","position":3,"item":{"@id":"/network/websockets/","name":"WebSockets"}}]}
```