Page loading - security level / speed

Hi All and happy new year

I have had my site (running at home on a RaspberryPI) going though CF in under attack mode for a few months. It will be receiving some visitors soon and would like to speed up page loading as I notice css takes a few seconds to come through.

Would changing from ‘I’m under attack’ to ‘medium’ level help with this? And is it worth enabling auto minify for js, css and html?

I set it to medium this morning and it appears to be a bit faster, but might be a placebo.

It was set to the highest level as the site contains personal info, and didn’t want too many unwanted visitors, but I’ve also set htpasswd on there now, to help with that.


Under Attack mode won’t directly help unless you’re actually under attack - in which case your origin may be struggling under the load from the attack.

Auto Minify is worth enabling - but if your problem is in the order of multiple seconds for CSS to load - it likely won’t remove that delay.

The best thing to do is ensure all of your static assets are cached and run a speed test before and after the cache is populated.

For more detail - follow the guide here:

Thanks - just to confirm - I was already in under attack security level and noticed it taking a few seconds for css to load (once I had entered my htpasswd creds). Now I have changed it to medium and it seems quicker after entering the creds, but will test later.

The actual speed of CSS elements loading is very quick as there aren’t many. Hitting the site directly on my network or without going through Cloudflare is almost instant, so it does appear to be CF causing the slight delay

Any other thoughts on this? I have enabled minify for html, css and js, purged cache and reloaded. Doesn’t appear any faster to be honest. Inspected source and can see its removed comments etc.

again just to reiterate, the site loads instantly on my local machine, it’s just a few CSS elements/pics that are taking a couple of seconds to load once Ive put my htpasswd creds in. Seems a bit better when security level is set to medium/high instead of under attack mode.

Without knowing that actual domain name, we can’t see what’s slowing it down.

Unfortunately it’s going to be tricky for the community to diagnose the site itself as it’s password protected, but I just wanted to confirm how loading speed might be affected with different security levels and enabling minify for all 3 options

from what I understand, the security level should only impact and challenge clients with suspicious reputations, which is why I initially had it set to under attack mode - seemed more secure that way

Ah, security levels. Once someone gets past security, there should be no change in site performance.

Even Minifiy only provides a slight improvement in performance.

appreciate it - makes me think that leaving it as under attack is probably for the best (currently high). I’m only expecting 100-200 users over the next few months to login to the site, but would like the performance to be as close to how it is when I hit it locally

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.