Cloudflare security headers on subdomains

To keep it short, we’ve been trying to set security headers to secure our website. We’ve gone through a third-party cybersecurity company to do testing, and using Cloudflare Workers we’ve managed to get www…example.com to work, but not example…com. Is it normal for these 2 to be separated by Cloudflare?

Some of our subdomains are also not being affected by the changes: dc-123456789…example.com, pop…example.com, imap…example.com, mail…example.com. These are supposedly for our email client.

Would anyone have any suggestions on how we should go about trying to make these changes? (Ignore the double dots in the URLs, needed to circumvent Cloudflare link detection)

Thanks in advance!

Cloudflare features (including Workers) will only apply if your subdomain is proxied :orange:. Of course, your mail-related subdomains shouldn’t be proxied, so it’s expected.

1 Like

The best way to do this now is using Transform Rules. You can target any or all hostnames, only response were the request came from a particular IP address etc. The filtering options are extensive.

You should not have this hostname. It indicates that your MX record is pointing to a hostname that is :orange:. MX records should only point to hostnames that are :grey:, or not on Cloudflare.

Use the formatting options to make it Preformatted Text</>

1 Like

The only MX record we have contains smtp.example.com. Would it be safe to just delete this, or would that have undesirable effects on our email client?

Probably not ideal to delete it, especially if you want to receive email. Just ensure it is :grey: and the dc-123456789 name will disappear.

Sorry for the incessant questions. In the DNS section of Cloudflare, there’s no cloud symbol, it just says “DNS Only”, and I’m not quite sure how to change it…

Some record types cannot be proxied.

Can you give a screenshot of the record in question?


Here’s what it looks like. Thanks for your help!

MX records cannot be proxied. But check the A record for smtp.example.com. Cloudflare do not handle email protocols (usually) and the SMTP record needs to be :grey:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.