Cloudflare usually enters a business website as a sensible infrastructure choice: DNS, CDN, SSL, maybe a few redirects. The problems start later. Marketing needs campaign URLs. A developer adds a bypass for /wp-admin. An agency sets a staging hostname rule. Someone migrates an old Page Rule to a modern Cache Rule. A year later, Cloudflare is no longer just "in front of the site". It is part of how the site routes, caches, and responds to search engines and users.
That matters because the failure mode is quiet. You do not always get an outage. You get a form flow that behaves differently for repeat visitors, a redirect chain that only appears on one hostname, a cached HTML response that should have stayed private, or a launch that looks fine in a browser but sends the wrong signals to Google. For business owners, operations leads, and agency teams, this is not infrastructure trivia. It is lead flow, reporting quality, and change risk.
Why Page Rules debt turns into commercial risk
Cloudflare's current rules model is different from the older mental model many teams still use. Modern Rules products can stack, are evaluated in a fixed sequence, and take precedence over Page Rules. That means a newer redirect, cache, or origin rule can quietly override behavior the business still depends on. If the site has been maintained across redesigns, migrations, or multiple vendors, it is common for nobody to be fully sure which layer owns a given URL pattern.
The caching part is where this gets expensive. Cloudflare does not cache HTML by default, and it will not cache when headers such as Set-Cookie are present or when the request is not a GET. But Cloudflare can cache certain response codes even when Cache-Control is missing, and Cloudflare's Page Rules migration guidance warns that choosing Eligible for cache in a Cache Rule enables cache-everything behavior by default. That is the kind of small dashboard decision that can change how landing pages, previews, quote flows, or logged-in sessions behave without looking dramatic at first glance.
The SEO side is just as practical. Google still recommends permanent server-side redirects when a URL has actually moved, and it treats 301 and 308 differently from 302 and 307 as canonical signals. Google also documents that 4xx URLs are not used for indexing and are removed over time, while persistent 5xx and 429 responses slow crawling and can eventually push indexed URLs out. So if an edge change alters redirect logic or status codes, you are not just "tuning Cloudflare". You are changing how prospects and crawlers reach revenue pages.
Where teams usually get trapped
- Old Page Rules still exist, but newer Redirect Rules or Cache Rules now take precedence.
- Cloudflare redirects, web-server rewrites, and CMS redirect plugins all try to solve the same URL problem.
- Login, preview, cart, quote, or account paths were never given explicit cache bypass rules.
robots.txt, campaign landing pages, and canonical URLs were never retested after an edge change.- A Worker, Snippet, or origin override was added later, but the handover documentation never caught up.
WordPress and Drupal sites are especially prone to this because the application is only one layer in the request path. The edge, the web server, and the CMS can all make locally sensible changes that become globally confusing once enough exceptions accumulate.
A practical audit that actually helps
The right first step is usually not a rebuild. It is a request-path audit with business priorities attached to it.
- Inventory every place that can change request handling: Cloudflare Page Rules, Redirect Rules, Cache Rules, Origin Rules, Workers or Snippets, server rewrites, and CMS-level redirect or cache plugins.
- Build a URL test set around commercial risk, not just templates. Include homepage variants, key service pages, forms, quote or checkout steps, admin and preview routes,
robots.txt, sitemaps, media URLs, and campaign landing pages. - Test with repeatable requests, not only browser clicks. At minimum, check status codes,
Location,Cache-Control,Set-Cookie, canonical output, andCF-Cache-Status.
curl -I https://www.example.com/old-url
curl -I -L https://www.example.com/old-url
curl -I -H 'Cookie: wordpress_logged_in=1' https://www.example.com/
- Use Cloudflare Trace when the result is unclear. It is one of the fastest ways to see which rules were evaluated and which one actually executed.
- Collapse overlapping logic. Decide which redirects belong at Cloudflare, which belong at the server, and which should stay in the CMS. In most cases, one authoritative redirect layer is safer than three partial ones.
What good looks like after cleanup
A healthy setup is not the one with the most rules. It is the one a new team member can explain without guesswork. That normally means:
- one documented redirect owner for permanent URL moves;
- explicit cache bypasses for authenticated, preview, cart, checkout, and other sensitive paths;
- a short list of SEO-critical URLs with expected status codes and redirect targets;
- clear hostname and origin rules for production, staging, and legacy domains;
- a lightweight change process so edge changes are tested like production changes, not made as folklore in a dashboard.
For agency teams, this is also where handover quality improves. Instead of leaving screenshots and tribal knowledge behind, you leave a rule map, a test checklist, and a smaller configuration surface. That reduces support drag and makes future launches safer.
Why this is valuable consulting work
This kind of cleanup sits between infrastructure, SEO, CMS behavior, and delivery management, so it often goes unowned. Designers do not own it. Content teams cannot see it. Developers may be focused deeper in the stack. Meanwhile the business experiences the symptoms as random underperformance. Greg is useful here because the work is not only technical. It is operational: identify the real request path, remove overlap, and turn a fragile edge setup into something the business can safely change.
If your site has accumulated years of Cloudflare exceptions, old Page Rules, and hard-to-explain redirect or cache behavior, Greg can audit the setup, simplify it, and document the parts that actually matter. See how Greg works as a digital project manager.
Need help with this kind of work?
Talk to Greg about a Cloudflare audit or website operations cleanup Get in touch with Greg.