Magento content delivery network (CDN) setup via Cloudflare
Key takeaways
- A CDN can help Magento stores deliver static content from servers closer to shoppers.
- Cloudflare can support Magento performance, caching, SSL/TLS, and DDoS protection.
- Magento CDN setup includes updating base URLs and flushing Magento cache.
- Magento 1 steps apply only to legacy stores because Magento 1 is end-of-life.
Although Magento is a powerful ecommerce solution, it can be complex and resource intensive. Because of this, you likely have spent time improving the performance and loading speed of your Magento store.
A high-quality content delivery network (CDN) can help support your Magento ecommerce store by serving static content from locations closer to your visitors.
A CDN is especially useful if your website receives traffic from across the globe, far away from your hosting server.
Let’s look at how to set up a Magento content delivery network (CDN) with Cloudflare.
Host Magento at full throttle.
Get secure, reliable Magento hosting so you can scale faster.
What is a CDN?
A CDN is a network of servers that stores and delivers copies of website files. For Magento stores, this often includes static assets like product images, CSS, JavaScript, fonts, and other media files.
Instead of serving every file from your origin server, a CDN can deliver cached files from its own network. This can reduce load on your server and help pages respond faster during normal traffic and traffic spikes.
Magento content delivery network (CDN) solution: how to implement Cloudflare on your site
Before making changes, confirm that you have access to your Cloudflare account, Magento Admin Panel, DNS settings, and hosting account.
If you don’t have a Cloudflare account, create one and add your domain. Review the DNS records Cloudflare imports before activating the domain through Cloudflare, including www and non-www versions if both are in use.
Take a current backup before changing CDN, DNS, or base URL settings on a live store.
Magento 1 CDN setup
Magento 1 is end-of-life and no longer receives official Adobe support. Use these steps only for legacy Magento 1 stores. If you’re running a current Magento site, use the Magento 2 steps below.
Magento 1 CDN setup step 1: navigate to the web console
To configure your Magento 1 base URLs, navigate to System > Configuration > General > Web.
Magento 1 CDN setup step 2: adjust Magento 1 base URLs
Under Web, expand the Unsecure and Secure dropdown sections.
Next, set the Magento base URLs to use the HTTPS instance of your domain.
For example:
Once you’ve adjusted the URLs, save the configuration.
Magento 1 CDN setup step 3: flush Magento cache
When you have saved your adjusted base URL configuration, navigate to System > Cache Management and click Flush Magento Cache.
Magento 2 CDN setup
If your site uses Magento 2, the steps are slightly different. The following sections cover those differences.
Magento 2 CDN setup step 1: navigate to the web console
To configure your Magento 2 base URLs, log in to your Magento Admin Area.
Navigate to Stores > Configuration.
Magento 2 CDN setup step 2: adjust Magento 2 base URLs
From the configuration menu, select General > Web.
Expand the Base URLs and Base URLs (Secure) dropdown sections.
Then, set the Magento base URLs to use the HTTPS instance of your domain.
For example:
Once the URLs are adjusted, click Save Config.
Magento 2 CDN setup step 3: flush Magento cache
After saving your adjusted base URLs configuration, flush the Magento cache by navigating to System > Cache Management and clicking Flush Magento Cache.
You can also flush Magento cache from the command line if you have SSH access:
At this stage, Cloudflare can serve static content for your Magento 2 store. Check your storefront after making these changes to confirm images, CSS, JavaScript, and key pages load correctly.
Cloudflare performance and security settings
Cloudflare can help reduce origin server load, support DDoS protection, and improve delivery for shoppers across different regions.
Magento SSL/TLS settings
With TLS 1.3 enabled, HTTPS connections are faster and more secure, improving the overall user experience on your website.
You can enable this by navigating to SSL/TLS > Edge Certificates > TLS 1.3 and toggling it on.
Review SSL/TLS settings carefully before changing them on a live Magento store. Incorrect SSL settings can cause redirect loops, mixed content warnings, or checkout issues.
Magento security settings
Security level
Your security level determines which visitors you expose to the challenge page. Cloudflare’s recommended value for this setting is Medium, which can offer protection without inconveniencing most visitors.
Anything above Medium can affect site performance and degrade the user experience, so test higher settings before using them on a live Magento store.
Additional security settings
The following additional security settings may be useful:
- Challenge Passage: Recommended setting is between 15 to 45 minutes
- Browser Integrity Check: Enabled
- Privacy Pass Support: Enabled, if available in your Cloudflare dashboard
To apply these settings, go to Security > Settings.
Cloudflare dashboard options can change, so review each setting before enabling it on a live Magento store.
Cloudflare Bot Fight Mode
Bot Fight Mode detects and mitigates bot traffic on your domain. When enabled, it identifies known bot traffic patterns.
Keep this option disabled unless you are dealing with major bot-related or security issues. If you enable Bot Fight Mode, you may experience poorer website performance or increased CPU usage.
To activate Bot Fight Mode, go to Security > Bots > Bot Fight Mode and toggle it on.
Web application firewall (WAF)
Cloudflare’s WAF monitors incoming web traffic and can block malicious traffic. The firewall uses rulesets that identify patterns and signals to filter unwanted traffic.
To create firewall rules, go to Security > WAF and review the available rule options.
Test WAF rules before applying them broadly so legitimate shoppers, crawlers, payment tools, and integrations are not blocked.
DDoS attack protection
Cloudflare can help combat DDoS attacks on your website.
To enable this option, go to Overview > Quick Actions > Under Attack Mode and toggle it on.
If you enable this option, your website performance may deteriorate. Each visitor to your website may see a processing page for several seconds while Cloudflare verifies whether the hit originated from a legitimate visitor or a bot.
Use Under Attack Mode only when the site is actively under attack.
Magento network settings
HTTP/3
HTTP/3 is the next version of the HTTP protocol. It differs from previous protocol versions by using a user datagram protocol (UDP) called QUIC instead of a transmission control protocol (TCP).
The protocol is fast and secure for today’s internet. HTTP/3 can establish a secure session much faster than HTTP/2, which uses TCP and transport layer security (TLS).
0-RTT Connection Resumption
With 0-RTT Connection Resumption, the client and server can use cached information from a previous TLS session to establish a new one without needing to renegotiate their parameters.
If your store supports it, review both HTTP/3 and 0-RTT under the Network section in your Cloudflare dashboard.
Magento caching configuration
Avoid caching Magento cart, checkout, customer account, admin, payment, or other customer-specific pages. Caching the wrong pages can cause stale cart data, incorrect customer content, or checkout problems.
Purge cache setting
The Purge Cache section allows you to purge the Cloudflare cache based on the settings you configure. This setting is useful when making changes to your website or content.
Purge cache can help after theme updates, CSS changes, JavaScript changes, image updates, or major content changes.
Caching level setting
The Caching Level section determines how much static content Cloudflare will cache.
The recommended level is Standard because it is the safest option for caching content with or without a query string.
Browser cache TTL setting
The Browser Cache TTL section specifies how long cached files will stay in your visitor’s browser cache.
A browser cache TTL over a month can help you with the PageSpeed Insights warning to “serve static assets with an efficient cache policy.”
To enable these settings, navigate to Caching > Configuration.
Magento Cloudflare page rule settings
To cache additional content at Cloudflare, you can add a Cache Everything Page Rule.
Do not apply Cache Everything to cart, checkout, admin, or customer account pages.
Cloudflare now uses several rule types depending on the account and dashboard view. If your dashboard no longer shows Page Rules in the same place, look for Cloudflare Rules and confirm the correct rule type before making changes.
Here is how you enable a Cache Everything Page Rule in Cloudflare:
- Log into your Cloudflare account and select the domain where you want to add the page rule.
- Click Rules > Page Rules > Create Page Rule.
- Under the If the URL matches section, enter the URL or URL pattern that should match the rule.
- Under the Then the settings are section, choose Cache Level and then Cache Everything.
- Click Save, and then click Deploy to save the page rule.
- When multiple page rules are in place, the top page rule in the list will be triggered first, so review the rule order.
- Check your website page header for cf-cache-status as MISS or HIT to verify the headers returned by Cloudflare.
Magento speed settings
Auto Minify
You can minify your JavaScript, CSS, and HTML to load your website faster. Minifying removes spaces, comments, newlines, and block delimiters from the code.
Removing these unnecessary characters reduces file size, which can speed up load time.
To set up Auto Minify, go to Speed > Optimization > Auto Minify and choose the options you want to enable.
Test Auto Minify before enabling it across a live Magento store, especially if your theme or extensions rely on custom JavaScript.
Brotli
Brotli is a form of compression that can help files transfer faster to users’ devices.
Enable Brotli if it is available in your Cloudflare dashboard and test the storefront after turning it on.
Setting up Let’s Encrypt SSL for your Magento site with Cloudflare
If Liquid Web hosts your Magento website, you can enable free Let’s Encrypt SSL on your domain. However, you may not be able to enable this SSL while Cloudflare is proxying your site.
Follow these steps to enable Let’s Encrypt:
- Log into your Cloudflare dashboard and select DNS.
- Disable the Cloudflare proxy status for both www and non-www domain names. When the Cloudflare proxy is off, you’ll see a gray cloud instead of an orange one.
- In your Liquid Web Client Portal, select Plans, choose the plan dashboard, select Sites, and choose the domain name on which you want to install SSL.
- Choose SSL from the menu options.
- Enable the Auto Let’s Encrypt certificate option by toggling the switch to the right.
- Enable the SSL toggles for www and non-www domain names.
- Select Issue Certificate to issue a new Let’s Encrypt certificate.
Installing your Let’s Encrypt SSL certificate should take only a few minutes. Once SSL is enabled on your domain, reactivate the Cloudflare proxy for your domain and test the site.
Using a Cloudflare origin certificate
If you want to avoid buying a commercial authority SSL certificate or having trouble renewing Let’s Encrypt SSL every 90 days, you can choose Cloudflare’s free certificate of origin.
Confirm your SSL/TLS mode and origin certificate setup before using this option on a live Magento store.
Magento CDN with Cloudflare FAQs
Magento CDN with Cloudflare next steps
Cloudflare can help Magento stores deliver static content faster and reduce load on the origin server.
Start by confirming your Magento base URLs, SSL/TLS settings, Cloudflare DNS records, and cache settings.
If Magento performance, CDN setup, or ecommerce reliability affects a live store, explore Liquid Web Magento hosting.
Magento CDN resources at Liquid Web
Below are some useful resources when working with Magento and CDNs at Liquid Web:
- How to resolve CORS errors in Magento 2 multi-stores using a CDN
- How to resolve CORS errors in Magento 1 or 2 multi-stores using a CDN
- Magento 2 CDN configuration: setting Up CDN access
- Magento 2 admin panel: optimizing loading speeds for admins
General CDN resources at Liquid Web
In addition to the resources listed above, the following list contains more general CDN resources:
- How does a CDN work to speed up your ecommerce site?
- How to reconfigure your site from using CDN
- What does purge the CDN mean? Purging the CDN
- How to access your CDN from your Client Portal
- What is a Content Delivery Network? CDN benefits and features
SSL-Related Resources at Liquid Web
See the following list of SSL-related resources that you may find useful:
- What are SSL certificates?
- How to enable Let’s Encrypt
- How to purchase SSL certificates from your Client Portal
- How to install SSL certificates in SiteWorx
- How to install SSL certificates in the Cloud
- How to import SSL certificates in your Client Portal
- How to cancel an SSL certificate
- Standard SSL: What is a standard SSL certificate?
Recent articles
- Cloudflare WordPress setup for your CDN solution
- Cloudflare SSL with Cloudflare origin certificate
- What is Cloudflare CDN? How to use Cloudflare CDN
- What is a Content Delivery Network (CDN)?
- Magento 2 CDN configuration: setting up CDN access
- Liquid Web hosting and Liquid Web Client Portal guide
Ready to get started?
Get the fastest, most secure Magento hosting on the market
Additional resources
Magento 2 + Cloudinary tutorial →
Discover how to set up Cloudinary to optimize images and media.
Magento 2 CDN configuration →
Learn how a Magento CDN can support faster page loads.
How to disable caching in Magento →
Find out how to disable Magento caching for testing and development.
