How to remove all Cloudflare-specific headers?

On my site, every request comes back with a whole slew of CF headers, none of which are actually useful for the browser. For example, cf-cache-status, cf-ray, cf-request-id, nel, report-to. Sure, cache status may be useful for me to look at occasionally but why is it sent on every single response?

I don’t see any information anywhere on how to turn these off. (I’d expect there to be a button in the settings, which I can then turn on occasionally if I need to diagnose any issues.) Is there some other way to remove these headers?

1 Like

I believe you cannot do it.
Why would you want it to be removed?

If you check your website as html or css/js/image, there could be some difference due to the static files cache vs dynamic/HTML.

Also regarding the “Cache” method like “Everything, Standard, etc.” which can be selected in the Cloudflare dashboard or managed via Page Rules to tell Cloudflare what to cache at their edge location.

I don’t believe most of these are optional, or that there is a way to remove them.

NEL can be removed on request. However, the data that NEL provides is very useful, and I would expect Cloudflare to provide NEL reports in the dashboard in the near future. (I add my own NEL report endpoint to my traffic, and it produces very useful data.)

I expect cf-ray to be removed at some stage, as cf-request-id was to replace it, but nothing definitive in the documentation.

Customers can opt out of having their end users consume the NEL headers by emailing Cloudflare support.

It used to be that minimising headers was a recommendation from YSlow and similar tools. With the use of header compression, and the massive size of most assets, those recommendations seem to have disappeared, replaced with an endless stream of “security” headers.

2 Likes

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.