Set AI crawler rules at the origin: Cloudflare Markdown for Agents now preserves Content-Signal headers

Official Cloudflare image for Markdown for Agents.Cloudflare Blog
Official Cloudflare image for Markdown for Agents.Cloudflare Blog
AI & Automation

Cloudflare's July 13 update makes origin-set Content-Signal, security, and cache headers survive Markdown for Agents conversion, giving publishers a clearer control point for AI-readable web pages.

Confirmed: Cloudflare updated Markdown for Agents on July 13, 2026 so converted Markdown responses preserve origin-set security, cache, and Content-Signal headers. The important change is control placement: if your origin already sends a content-signal policy, Cloudflare now keeps that policy instead of only applying the service default.

Cloudflare Markdown for Agents official visual
Cloudflare Markdown for Agents official visual

Image: Cloudflare's official Markdown for Agents visual.

What changed

Cloudflare's Markdown for Agents converts HTML pages into text/markdown when a client requests Markdown through HTTP content negotiation. The July 13 update says converted responses now preserve headers that matter for security and caching, including HSTS, CSP, X-Frame-Options, Set-Cookie, CORS headers, Cache-Control, Expires, and Age.

The policy detail matters more than the format detail. Cloudflare says an origin-supplied content-signal header is now authoritative. If the origin does not send one, Cloudflare adds the default Content-Signal: ai-train=yes, search=yes, ai-input=yes.

AreaBefore this updateAfter this updateWhat to check
AI use policyDefault Content-Signal behavior was the main visible pathOrigin content-signal can carry through conversionConfirm your intended ai-train, search, and ai-input values
Security headersConversion could create uncertainty about header survivalSecurity headers are documented as preservedTest CSP, HSTS, cookies, and CORS on Markdown responses
Cache behaviorMarkdown and HTML variants still needed careCache headers continue to pass throughVerify Vary: Accept and cache variant handling
LinksDirectory-style relative links could resolve incorrectlyCloudflare says relative link resolution now follows RFC 3986Test nested docs and blog paths

Why this is early

The change is confirmed by Cloudflare's changelog and reflected in the current Cloudflare Markdown for Agents documentation. Independent coverage from Search Engine Journal covered the original launch mechanics and warned publishers to review the permissive default Content-Signal values before enabling the feature.

Read the Docs also documents Markdown responses for AI agents and says the feature is powered by Cloudflare. That does not independently confirm the July 13 header-preservation release, but it shows the mechanism is already visible on a real documentation platform.

Key takeaways

  • If you use Markdown for Agents, set content-signal at the origin when you do not want Cloudflare's default AI-use policy.
  • Treat the Markdown response as a first-class representation of the same page, not a side file for bots.
  • Test security headers on Markdown responses, especially if your pages rely on CSP, cookies, CORS, or framing controls.
  • Check SEO and AI-search risk separately: content negotiation is cleaner than user-agent sniffing, but publishers still need parity between HTML and Markdown content.
  • Use Cloudflare's token headers only for planning. They are useful for agents, but they are not a privacy or licensing control.

Availability and access

Cloudflare's documentation says Markdown for Agents is available on Pro, Business, and Enterprise plans, plus SSL for SaaS customers. Site owners can enable it for a zone, selected subdomains, selected paths, or custom hostnames depending on plan and configuration.

Users can try the feature now where a Cloudflare zone has it enabled by sending an Accept: text/markdown request. For publishers, the practical work is to decide whether the default ai-train=yes, search=yes, ai-input=yes matches the site's content policy.

Practical LinkLoot angle

This is a useful update for publishers, docs teams, SaaS marketers, and developers building AI-readable sites. Markdown for Agents can reduce token waste and make pages easier for agents to parse, but the Content-Signal policy is where the business decision sits.

For teams building AI workflows, pair this with LinkLoot's guide to AI workflow automation. The workflow is simple: publish useful pages, expose clean machine-readable versions, then keep licensing, training, and search permissions explicit at the origin.

What to verify before you act

  • Confirm whether Markdown for Agents is enabled for the exact host, path, or custom hostname you care about.
  • Send a Markdown request and inspect content-type, content-signal, Vary, cache headers, CSP, cookies, CORS, and HSTS.
  • Compare the Markdown body with the HTML page to make sure important disclosures, pricing notes, legal text, and links are still present.
  • Decide whether your origin should send ai-train=no, search=yes, ai-input=yes, or another policy mix.
  • Watch for Google or other search guidance if your implementation starts serving materially different content to agents than to human users.

Source check

Confirmed by:

  • Cloudflare changelog: July 13, 2026 header-preservation update for Markdown for Agents.
  • Cloudflare documentation: current behavior for content-signal, token headers, preserved headers, feature access, and enablement.

Early signal / context:

  • Search Engine Journal: independent context on the original Cloudflare launch, default Content-Signal values, and SEO concerns.
  • Read the Docs: external adoption context showing Markdown for AI agents on a production documentation platform.

LinkLoot will treat a later Cloudflare policy change, pricing change, or search-engine guidance update as a follow-up trigger, not as proof that today's origin-header behavior should be rewritten.

FAQ

Cloudflare says converted Markdown responses now preserve origin security, cache, and Content-Signal headers, and relative links resolve more correctly for directory-style URLs.