Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)

Cloudflare has introduced encrypted Web Application Firewall (WAF) matched payload logging to provide better visibility into security events while ensuring user privacy. The feature logs only the malicious components of requests and encrypts them using a customer-provided key, preventing access by Cloudflare employees. It uses Hybrid Public Key Encryption (HPKE), an emerging standard developed in part by Cloudflare. This feature will be available to Enterprise customers in the coming months.