After hosting a blog on Cloudflare Pages, many people stop at “it’s accessible.” In fact, a few more configuration steps can yield significant improvements in both performance and security.
1. Caching Strategy
It is recommended to cache resources in layers based on their type:
- HTML: Short cache (to facilitate updates).
- CSS/JS: Long cache + filename fingerprinting.
- Images: Long cache + format negotiation (WebP/AVIF).
The key point is: short cache for mutable content, long cache for immutable content.
2. Compression and Transmission
Enabling Brotli and HTTP/3 can effectively reduce transmission latency. If your site has many images, combining this with Cloudflare’s image optimization strategies will yield obvious benefits.
3. Security Response Headers
You can add basic policies in _headers:
/* X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: camera=(), microphone=(), geolocation=()If the sources of scripts on your site are clear, you can further add a CSP (Content Security Policy).
4. Bot and Anomalous Traffic Control
For a personal site, the recommended strategy is “gentle interception”:
- Challenge obviously anomalous UAs or high-frequency requests.
- Whitelist RSS feeds, search engines, and monitoring probes.
- Avoid a one-size-fits-all approach that might block legitimate crawlers.
5. Monitoring and Regression
Observe at least the following after each adjustment:
- TTFB and LCP changes.
- Error code ratio (403/429/5xx).
- Whether search engine crawling is affected.
Do not stack too many rules at once; rolling them out in batches is the only way to allow for rapid rollbacks.
Summary
Pages is just the starting point; the real gap is widened through continuous tuning after going live. Solidifying caching, headers, and traffic governance will benefit the site’s stability in the long run.
If this article helped you, please share it with others!
Some information may be outdated





