---
title: Fields reference
image: https://developers.cloudflare.com/core-services-preview.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/ruleset-engine/llms.txt  
> Use this file to discover all available pages before exploring further.

[Skip to content](#%5Ftop) 

# Fields reference

Categories Body Bots Geolocation Headers JWT validation Raw fields Request Response SSL/TLS URI mTLS

[cf.api\_gateway.auth\_id\_presentIndicates whether the request contained an API session authentication token, as defined by API Shield's saved session identifiers.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.api%5Fgateway.auth%5Fid%5Fpresent/)[cf.api\_gateway.fallthrough\_detectedIndicates whether the request matched a saved endpoint in Endpoint Management.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.api%5Fgateway.fallthrough%5Fdetected/)[cf.api\_gateway.request\_violates\_schemaIndicates whether the request violated the schema assigned to the respective saved endpoint.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.api%5Fgateway.request%5Fviolates%5Fschema/)[cf.bot\_management.corporate\_proxyIndicates whether the incoming request comes from an identified Enterprise-only cloud-based corporate proxy or secure web gateway.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.corporate%5Fproxy/)[cf.bot\_management.detection\_idsList of IDs that correlate to the Bot Management heuristic detections made on a request.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.detection%5Fids/)[cf.bot\_management.ja3\_hashProvides an SSL/TLS fingerprint to help you identify potential bot requests.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.ja3%5Fhash/)[cf.bot\_management.ja4Provides an SSL/TLS fingerprint to help you identify potential bot requests.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.ja4/)[cf.bot\_management.js\_detection.passedIndicates whether the visitor has previously passed a JS Detection.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.js%5Fdetection.passed/)[cf.bot\_management.scoreRepresents the likelihood that a request originates from a bot using a score from 1–99.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.score/)[cf.bot\_management.signed\_agentIndicates whether or not the request originated from a known signed agent.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.signed%5Fagent/)[cf.bot\_management.static\_resourceIndicates whether static resources should be included when you create a rule using cf.bot\_management.score.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.static%5Fresource/)[cf.bot\_management.verified\_botIndicates whether the request originated from a known good bot or crawler.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.bot%5Fmanagement.verified%5Fbot/)[cf.client.botIndicates whether the request originated from a known good bot or crawler.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.client.bot/)[cf.edge.client\_tcpIndicates if the request was made over TCP.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.edge.client%5Ftcp/)[cf.edge.l4.delivery\_rateThe most recent data delivery rate estimate for the client connection, in bytes per second.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.edge.l4.delivery%5Frate/)[cf.edge.server\_ipRepresents the global network's IP address to which the HTTP request has resolved.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.edge.server%5Fip/)[cf.edge.server\_portRepresents the port number at which the Cloudflare global network received the request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.edge.server%5Fport/)[cf.hostname.metadataReturns the string representation of the per-hostname custom metadata JSON object set by SSL for SaaS customers.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.hostname.metadata/)[cf.llm.prompt.custom\_topic\_categoriesA map of custom topic labels to relevance scores (1–99) for the LLM prompt in the request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.custom%5Ftopic%5Fcategories/)[cf.llm.prompt.detectedIndicates whether Cloudflare detected an LLM prompt in the incoming request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.detected/)[cf.llm.prompt.injection\_scoreA score from 1–99 that represents the likelihood that the LLM prompt in the request is trying to perform a prompt injection attack.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.injection%5Fscore/)[cf.llm.prompt.pii\_categoriesArray of string values with the personally identifiable information (PII) categories found in the LLM prompt included in the request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii%5Fcategories/)[cf.llm.prompt.pii\_detectedIndicates whether any personally identifiable information (PII) has been detected in the LLM prompt included in the request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii%5Fdetected/)[cf.llm.prompt.token\_countAn estimated token count for the LLM prompt in the request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.token%5Fcount/)[cf.llm.prompt.unsafe\_topic\_categoriesArray of string values with the type of unsafe topics detected in the LLM prompt.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe%5Ftopic%5Fcategories/)[cf.llm.prompt.unsafe\_topic\_detectedIndicates whether the incoming request includes any unsafe topic category in the LLM prompt.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe%5Ftopic%5Fdetected/)[cf.random\_seedReturns per-request random bytes that you can use in the uuidv4() function.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.random%5Fseed/)[cf.ray\_idThe Ray ID of the current request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.ray%5Fid/)[cf.response.1xxx\_codeContains the specific code for 1XXX Cloudflare errors.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.response.1xxx%5Fcode/)[cf.response.error\_typeA string with the type of error in the response being returned.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.response.error%5Ftype/)[cf.threat\_scoreRepresents a Cloudflare threat score.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.threat%5Fscore/)[cf.timings.client\_quic\_rtt\_msecThe smoothed QUIC round-trip time (RTT) between Cloudflare and the client in milliseconds.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.timings.client%5Fquic%5Frtt%5Fmsec/)[cf.timings.client\_tcp\_rtt\_msecThe smoothed TCP round-trip time (RTT) between Cloudflare and the client in milliseconds.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.timings.client%5Ftcp%5Frtt%5Fmsec/)[cf.timings.edge\_msecThe time spent processing a request within the Cloudflare global network in milliseconds.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.timings.edge%5Fmsec/)[cf.timings.origin\_ttfb\_msecThe round-trip time (RTT) between the Cloudflare global network and the origin server in milliseconds.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.timings.origin%5Fttfb%5Fmsec/)[cf.timings.worker\_msecThe time spent executing a Cloudflare Worker in milliseconds.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.timings.worker%5Fmsec/)[cf.tls\_cipherThe cipher for the connection to Cloudflare.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fcipher/)[cf.tls\_ciphers\_sha1The SHA-1 fingerprint of the client TLS cipher list in received order, encoded in Base64 using big-endian format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fciphers%5Fsha1/)[cf.tls\_client\_auth.cert\_chain\_rfc9440The mTLS client certificate chain (excluding the leaf certificate) encoded as a structured field list per RFC 9440.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fchain%5Frfc9440/)[cf.tls\_client\_auth.cert\_chain\_rfc9440\_too\_largeReturns true when the RFC 9440 encoded client certificate chain exceeds the 16 KiB size limit.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fchain%5Frfc9440%5Ftoo%5Flarge/)[cf.tls\_client\_auth.cert\_fingerprint\_sha1The SHA-1 fingerprint of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Ffingerprint%5Fsha1/)[cf.tls\_client\_auth.cert\_fingerprint\_sha256The SHA-256 fingerprint of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Ffingerprint%5Fsha256/)[cf.tls\_client\_auth.cert\_issuer\_dnThe Distinguished Name (DN) of the Certificate Authority (CA) that issued the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fissuer%5Fdn/)[cf.tls\_client\_auth.cert\_issuer\_dn\_legacyThe Distinguished Name (DN) of the Certificate Authority (CA) that issued the mTLS client certificate in a legacy format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fissuer%5Fdn%5Flegacy/)[cf.tls\_client\_auth.cert\_issuer\_dn\_rfc2253The Distinguished Name (DN) of the Certificate Authority (CA) that issued the mTLS client certificate in RFC 2253 format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fissuer%5Fdn%5Frfc2253/)[cf.tls\_client\_auth.cert\_issuer\_serialSerial number of the direct issuer of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fissuer%5Fserial/)[cf.tls\_client\_auth.cert\_issuer\_skiThe Subject Key Identifier (SKI) of the direct issuer of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fissuer%5Fski/)[cf.tls\_client\_auth.cert\_not\_afterThe mTLS client certificate is not valid after this date.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fnot%5Fafter/)[cf.tls\_client\_auth.cert\_not\_beforeThe mTLS client certificate is not valid before this date.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fnot%5Fbefore/)[cf.tls\_client\_auth.cert\_presentedReturns true when an mTLS client presents a certificate (valid or not).](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fpresented/)[cf.tls\_client\_auth.cert\_revokedIndicates whether the mTLS client presented a valid but revoked client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Frevoked/)[cf.tls\_client\_auth.cert\_rfc9440The mTLS client certificate encoded as a Structured Fields Byte Sequence per RFC 9440.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Frfc9440/)[cf.tls\_client\_auth.cert\_rfc9440\_too\_largeReturns true when the RFC 9440 encoded mTLS client certificate exceeds the 10 KiB size limit.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Frfc9440%5Ftoo%5Flarge/)[cf.tls\_client\_auth.cert\_serialSerial number of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fserial/)[cf.tls\_client\_auth.cert\_skiThe Subject Key Identifier (SKI) of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fski/)[cf.tls\_client\_auth.cert\_subject\_dnThe Distinguished Name (DN) of the owner (or requester) of the mTLS client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fsubject%5Fdn/)[cf.tls\_client\_auth.cert\_subject\_dn\_legacyThe Distinguished Name (DN) of the owner (or requester) of the mTLS client certificate in a legacy format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fsubject%5Fdn%5Flegacy/)[cf.tls\_client\_auth.cert\_subject\_dn\_rfc2253The Distinguished Name (DN) of the owner (or requester) of the mTLS client certificate in RFC 2253 format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fsubject%5Fdn%5Frfc2253/)[cf.tls\_client\_auth.cert\_verifiedReturns true when an mTLS client presents a valid client certificate.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fauth.cert%5Fverified/)[cf.tls\_client\_extensions\_sha1The SHA-1 fingerprint of TLS client extensions, encoded in Base64 using big-endian format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fextensions%5Fsha1/)[cf.tls\_client\_extensions\_sha1\_leThe SHA-1 fingerprint of TLS client extensions, encoded in Base64 using little-endian format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fextensions%5Fsha1%5Fle/)[cf.tls\_client\_hello\_lengthThe length of the client hello message sent in a TLS handshake.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Fhello%5Flength/)[cf.tls\_client\_randomThe value of the 32-byte random value provided by the client in a TLS handshake, encoded in Base64.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fclient%5Frandom/)[cf.tls\_versionThe TLS version of the connection to Cloudflare.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls%5Fversion/)[cf.verified\_bot\_categoryProvides the type and purpose of a verified bot.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.verified%5Fbot%5Fcategory/)[cf.waf.auth\_detectedIndicates whether the Cloudflare WAF detected authentication credentials in the request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.auth%5Fdetected/)[cf.waf.content\_scan.has\_failedIndicates whether the file scanner was unable to scan any of the content objects detected in the request.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.has%5Ffailed/)[cf.waf.content\_scan.has\_malicious\_objIndicates whether the request contains at least one malicious content object.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.has%5Fmalicious%5Fobj/)[cf.waf.content\_scan.has\_objIndicates whether the request contains at least one content object.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.has%5Fobj/)[cf.waf.content\_scan.num\_malicious\_objThe number of malicious content objects detected in the request (zero or greater).Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.num%5Fmalicious%5Fobj/)[cf.waf.content\_scan.num\_objThe number of content objects detected in the request (zero or greater).Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.num%5Fobj/)[cf.waf.content\_scan.obj\_resultsAn array of scan results in the order the content objects were detected in the request.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.obj%5Fresults/)[cf.waf.content\_scan.obj\_sizesAn array of file sizes in bytes, in the order the content objects were detected in the request.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.obj%5Fsizes/)[cf.waf.content\_scan.obj\_typesAn array of file types in the order the content objects were detected in the request.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.content%5Fscan.obj%5Ftypes/)[cf.waf.credential\_check.password\_leakedIndicates whether the password detected in the request was previously leaked.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.credential%5Fcheck.password%5Fleaked/)[cf.waf.credential\_check.username\_and\_password\_leakedIndicates whether the auth credentials detected in the request (username-password pair) were previously leaked.Pro or above](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.credential%5Fcheck.username%5Fand%5Fpassword%5Fleaked/)[cf.waf.credential\_check.username\_leakedIndicates whether the username detected in the request was previously leaked.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.credential%5Fcheck.username%5Fleaked/)[cf.waf.credential\_check.username\_password\_similarIndicates whether a similar version of the username and password credentials detected in the request were previously leaked.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.credential%5Fcheck.username%5Fpassword%5Fsimilar/)[cf.waf.scoreA global score from 1–99 that combines the score of each WAF attack vector into a single score.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.score/)[cf.waf.score.classThe attack score class of the current request, based on the WAF attack score.Business or above](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.score.class/)[cf.waf.score.rceAn attack score from 1–99 classifying the command injection or Remote Code Execution (RCE) attack vector.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.score.rce/)[cf.waf.score.sqliAn attack score from 1–99 classifying the SQL injection (SQLi) attack vector.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.score.sqli/)[cf.waf.score.xssAn attack score from 1–99 classifying the cross-site scripting (XSS) attack vector.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.waf.score.xss/)[cf.worker.upstream\_zoneIdentifies whether a request comes from a worker or not.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.worker.upstream%5Fzone/)[http.cookieThe entire cookie as a string.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.cookie/)[http.hostThe hostname used in the full request URI.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.host/)[http.refererThe HTTP Referer request header, which contains the address of the web page that linked to the currently requested page.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.referer/)[http.request.accepted\_languagesList of language tags provided in the Accept-Language HTTP request header.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.accepted%5Flanguages/)[http.request.body.formThe HTTP request body of a form represented as a Map (or associative array).Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.form/)[http.request.body.form.namesThe names of the form fields in an HTTP request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.form.names/)[http.request.body.form.valuesThe values of the form fields in an HTTP request.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.form.values/)[http.request.body.mimeThe MIME type of the request detected from the request body.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.mime/)[http.request.body.multipartA Map (or associative array) representation of multipart names to multipart values in the request body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart/)[http.request.body.multipart.content\_dispositionsList of Content-Disposition headers for each part in the multipart body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart.content%5Fdispositions/)[http.request.body.multipart.content\_transfer\_encodingsList of Content-Transfer-Encoding headers for each part in the multipart body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart.content%5Ftransfer%5Fencodings/)[http.request.body.multipart.content\_typesList of Content-Type headers for each part in the multipart body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart.content%5Ftypes/)[http.request.body.multipart.filenamesList of filenames for each part in the multipart body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart.filenames/)[http.request.body.multipart.namesList of multipart names for every part in the multipart body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart.names/)[http.request.body.multipart.valuesList of multipart values for every part in the multipart body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.multipart.values/)[http.request.body.rawThe unaltered HTTP request body.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.raw/)[http.request.body.sizeThe total size of the HTTP request body (in bytes).Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.size/)[http.request.body.truncatedIndicates whether the HTTP request body is truncated.Enterprise](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.body.truncated/)[http.request.cookiesThe Cookie HTTP header associated with a request represented as a Map (associative array).Pro or above](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.cookies/)[http.request.full\_uriThe full URI as received by the web server.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.full%5Furi/)[http.request.headersThe HTTP request headers represented as a Map (or associative array).](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.headers/)[http.request.headers.namesThe names of the headers in the HTTP request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.headers.names/)[http.request.headers.truncatedIndicates whether the HTTP request contains too many headers.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.headers.truncated/)[http.request.headers.valuesThe values of the headers in the HTTP request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.headers.values/)[http.request.jwt.claims.audThe aud (audience) claim identifies the recipients that the JSON Web Token (JWT) is intended for.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.aud/)[http.request.jwt.claims.aud.namesThe aud (audience) claim identifies the recipients that the JSON Web Token (JWT) is intended for.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.aud.names/)[http.request.jwt.claims.aud.valuesThe aud (audience) claim identifies the recipients that the JSON Web Token (JWT) is intended for.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.aud.values/)[http.request.jwt.claims.iat.secThe iat (issued at) claim identifies the time (number of seconds) at which the JWT was issued.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.iat.sec/)[http.request.jwt.claims.iat.sec.namesThe iat (issued at) claim identifies the time (number of seconds) at which the JWT was issued.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.iat.sec.names/)[http.request.jwt.claims.iat.sec.valuesThe iat (issued at) claim identifies the time (number of seconds) at which the JWT was issued.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.iat.sec.values/)[http.request.jwt.claims.issThe iss (issuer) claim identifies the principal that issued the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.iss/)[http.request.jwt.claims.iss.namesThe iss (issuer) claim identifies the principal that issued the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.iss.names/)[http.request.jwt.claims.iss.valuesThe iss (issuer) claim identifies the principal that issued the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.iss.values/)[http.request.jwt.claims.jtiThe jti (JWT ID) claim provides a unique identifier for the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.jti/)[http.request.jwt.claims.jti.namesThe jti (JWT ID) claim provides a unique identifier for the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.jti.names/)[http.request.jwt.claims.jti.valuesThe jti (JWT ID) claim provides a unique identifier for the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.jti.values/)[http.request.jwt.claims.nbf.secThe nbf (not before) claim identifies the time (number of seconds) before which the JWT must not be accepted for processing.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.nbf.sec/)[http.request.jwt.claims.nbf.sec.namesThe nbf (not before) claim identifies the time (number of seconds) before which the JWT must not be accepted for processing.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.nbf.sec.names/)[http.request.jwt.claims.nbf.sec.valuesThe nbf (not before) claim identifies the time (number of seconds) before which the JWT must not be accepted for processing.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.nbf.sec.values/)[http.request.jwt.claims.subThe sub (subject) claim identifies the principal that is the subject of the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.sub/)[http.request.jwt.claims.sub.namesThe sub (subject) claim identifies the principal that is the subject of the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.sub.names/)[http.request.jwt.claims.sub.valuesThe sub (subject) claim identifies the principal that is the subject of the JWT.Enterprise add-on](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims.sub.values/)[http.request.methodThe HTTP method, returned as a string of uppercase characters.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.method/)[http.request.timestamp.msecThe millisecond when Cloudflare received the request, between 0–999.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.timestamp.msec/)[http.request.timestamp.secThe timestamp when Cloudflare received the request, expressed as UNIX time in seconds.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.timestamp.sec/)[http.request.uriThe URI path and query string of the request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri/)[http.request.uri.argsThe HTTP URI arguments associated with a request represented as a Map (associative array).](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri.args/)[http.request.uri.args.namesThe names of the arguments in the HTTP URI query string.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri.args.names/)[http.request.uri.args.valuesThe values of arguments in the HTTP URI query string.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri.args.values/)[http.request.uri.pathThe URI path of the request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri.path/)[http.request.uri.path.extensionThe lowercased file extension in the URI path without the dot (.) character.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri.path.extension/)[http.request.uri.queryThe entire query string, without the ? delimiter.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.uri.query/)[http.request.versionThe version of the HTTP protocol used. Use this field when different checks are needed for different versions.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.request.version/)[http.response.codeThe HTTP status code returned to the client, either set by a Cloudflare product or returned by the origin server.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.response.code/)[http.response.content\_type.media\_typeThe lowercased content type (including subtype and suffix) without any extra parameters, based on the response's Content-Type header.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.response.content%5Ftype.media%5Ftype/)[http.response.headersThe HTTP response headers represented as a Map (or associative array).](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.response.headers/)[http.response.headers.namesThe names of the headers in the HTTP response.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.response.headers.names/)[http.response.headers.valuesThe values of the headers in the HTTP response.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.response.headers.values/)[http.user\_agentThe HTTP User-Agent request header, which contains a characteristic string to identify the client operating system and web browser.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.user%5Fagent/)[http.x\_forwarded\_forThe full value of the X-Forwarded-For HTTP header.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/http.x%5Fforwarded%5Ffor/)[ip.srcThe client TCP IP address, which may be adjusted to reflect the actual address of the client using HTTP headers such as X-Forwarded-For or X-Real-IP.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src/)[ip.src.asnumThe 16-bit or 32-bit integer representing the Autonomous System (AS) number associated with the client IP address.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.asnum/)[ip.src.cityThe city associated with the client IP address.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.city/)[ip.src.continentThe continent code associated with the client IP address.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.continent/)[ip.src.countryThe 2-letter country code in ISO 3166-1 Alpha 2 format.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.country/)[ip.src.is\_in\_european\_unionWhether the request originates from a country in the European Union (EU).Business or above](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.is%5Fin%5Feuropean%5Funion/)[ip.src.latThe latitude associated with the client IP address.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.lat/)[ip.src.lonThe longitude associated with the client IP address.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.lon/)[ip.src.metro\_codeThe metro code or Designated Market Area (DMA) code associated with the incoming request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.metro%5Fcode/)[ip.src.postal\_codeThe postal code associated with the incoming request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.postal%5Fcode/)[ip.src.regionThe region name associated with the incoming request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.region/)[ip.src.region\_codeThe region code associated with the incoming request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.region%5Fcode/)[ip.src.subdivision\_1\_iso\_codeThe ISO 3166-2 code for the first-level region associated with the IP address.Business or above](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.subdivision%5F1%5Fiso%5Fcode/)[ip.src.subdivision\_2\_iso\_codeThe ISO 3166-2 code for the second-level region associated with the IP address.Business or above](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.subdivision%5F2%5Fiso%5Fcode/)[ip.src.timezone.nameThe name of the timezone associated with the incoming request.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ip.src.timezone.name/)[raw.http.request.full\_uriThe raw full URI as received by the web server without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.full%5Furi/)[raw.http.request.uriThe URI path and query string of the request without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri/)[raw.http.request.uri.argsThe raw HTTP URI arguments associated with a request represented as a Map (associative array).](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri.args/)[raw.http.request.uri.args.namesThe raw names of the arguments in the HTTP URI query string.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri.args.names/)[raw.http.request.uri.args.valuesThe raw values of arguments in the HTTP URI query string.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri.args.values/)[raw.http.request.uri.pathThe raw URI path of the request without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri.path/)[raw.http.request.uri.path.extensionThe raw file extension in the request URI path without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri.path.extension/)[raw.http.request.uri.queryThe entire query string without the ? delimiter and without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.request.uri.query/)[raw.http.response.headersThe HTTP response headers without any transformation represented as a Map (or associative array).](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.response.headers/)[raw.http.response.headers.namesThe names of the headers in the HTTP response without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.response.headers.names/)[raw.http.response.headers.valuesThe values of the headers in the HTTP response without any transformation.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/raw.http.response.headers.values/)[sslReturns true when the HTTP connection to the client is encrypted.](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/ssl/)

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/ruleset-engine/","name":"Ruleset Engine"}},{"@type":"ListItem","position":3,"item":{"@id":"/ruleset-engine/rules-language/","name":"Rules language"}},{"@type":"ListItem","position":4,"item":{"@id":"/ruleset-engine/rules-language/fields/","name":"Fields"}},{"@type":"ListItem","position":5,"item":{"@id":"/ruleset-engine/rules-language/fields/reference/","name":"Fields reference"}}]}
```