Understanding the Cloudflare Security Level

Learn how the Cloudflare Security Level controls Captcha challenges for requests from low reputation IP addresses.


Security Level uses the IP reputation of a visitor to decide whether to present a Captcha challenge page. Once the visitor enters the correct Captcha, they receive the appropriate website resources. IP Reputation is collected from Project Honeypot.    

  • Essentially off: Only challenges IP addresses with the worst reputation.
  • Low: Challenges only the most threatening visitors.
  • Medium: Challenges both moderate threat visitors and the most threatening visitors.
  • High: Challenges all visitors that exhibit threatening behavior within the last 14 days.
  • I’m Under Attack!: Only for use if your website is currently under a DDoS attack.

Cloudflare sets Security Level to Medium by default.  Change the Security Level settings via the Cloudflare Firewall app under the Settings tab.

To prevent bot IPs from attacking a website, a new website owner might set a Medium or High Security Level and lower Challenge Passage 5 to 30 minutes to ensure that Cloudflare is constantly protecting the site.  Alternatively, an experienced website administrator that is confident in their security settings might set Security Level to Essentially Off or Low while setting a higher Challenge Passage for a week, month, or even year to provide a less obtrusive visitor experience.

Only use I'm Under Attack! mode when a website is under a DDoS attack.  I'm Under Attack! mode may affect some actions on your domain, such as your API traffic.  Set a custom Security Level for your API or any other part of your domain by creating a Page Rule for that portion of your site traffic.

Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.