Auth

Cloudflare Zero Trust

View as Markdown

If your site sits behind Cloudflare Zero Trust (Access), the TesterArmy browser is blocked at the edge before your app ever loads. Save the bypass headers in TesterArmy and they will be sent on every request to your deployment host so tests can reach the application.

When you need this

You need this when your site is protected by a Cloudflare Access application and you see one of:

  • A Cloudflare Access login screen instead of your app.
  • HTTP 401, 403, or a Cloudflare-branded block page on the deployment host.
  • Tests pass locally with your own browser session but fail in TesterArmy at the very first navigation.

You do not need this for:

Pick a bypass method

Cloudflare supports two ways to let an automated client through Access. Either works with TesterArmy.

Option A — Service tokens (recommended)

A service token is a Client ID + Client Secret pair generated in the Cloudflare dashboard. Your Access policy must include a Service Auth rule that allows this token.

  1. In Cloudflare: Zero Trust → Access → Service Auth → Service Tokens → Create Service Token. Set a name and a duration.
  2. Copy the Client ID and Client Secret. The secret is shown only once.
  3. Open the Access application that protects your site: Access → Applications → <your app> → Policies → Add policy.
  4. Set Action: Service Auth and add an Include rule of type Service Token matching the token you just created. Save.

The token now grants access when these two headers are present on the request:

CF-Access-Client-Id: <CLIENT_ID>
CF-Access-Client-Secret: <CLIENT_SECRET>

Option B — Bypass policy with a custom header

Use this if you cannot create a service token (for example, you only manage one Access application and prefer a single shared secret).

  1. In Cloudflare: open the Access application → Policies → Add policy.
  2. Set Action: Bypass.
  3. Add an Include rule of type HTTP header with a header name and value of your choice — e.g. X-Tester-Army-Bypass equals a long random secret. Save.

Cloudflare will allow any request that carries that exact header.

Save the headers in TesterArmy

  1. Go to Project Settings → Integrations → Site Protection.
  2. Click Set up on the Cloudflare Zero Trust card.
  3. Enter the header pair(s):
    • Service tokens: fill CF-Access-Client-Id and CF-Access-Client-Secret in the two default rows.
    • Bypass policy: clear the default rows and add your custom header name and value.
  4. Click Save headers.