Cloudflare
Purpose: CDN, security, DNS management, and performance layer for Pacing Agency domains.
Current use
- DNS management for three domains: pacing.agency, pacingagency.com, pacingagency.co.uk.
- CDN and proxy in front of AWS hosting; HSTS enabled; SSL via Cloudflare.
- Cloudflare Browser Insights running for RUM/performance telemetry.
- Workers and redirect rules (to be documented).
Domains managed
| Domain | Zone ID | Plan | Status | Primary use | Proxy status |
|---|---|---|---|---|---|
| pacing.agency | 7b33df94002298798689223a84510c73 | Free Website | Active | Main agency website (Webflow) | Proxied |
| pacingagency.com | da23822fff12b011ab03601dec1c9430 | Unknown | Active | TwentyCRM instance | Not proxied |
| pacingagency.co.uk | 654b10d6d4cfb4c17d37e8339e6758d0 | Unknown | Active | Email/redirects | Mixed |
DNS Records
pacing.agency
Name servers:
- cheryl.ns.cloudflare.com
- greg.ns.cloudflare.com
A Records:
| Subdomain | IP | Proxy | Purpose |
|---|---|---|---|
| apiforms.pacing.agency | 134.209.40.56 | Yes | API forms |
| comments.pacing.agency | 91.98.226.29 | No | Comments service |
| dam.pacing.agency | 91.98.226.29 | No | DAM - ResourceSpace |
| email.pacing.agency | 91.99.193.35 | No | Notifuse |
| forms.pacing.agency | 134.209.40.56 | Yes | Forms |
| headshots.pacing.agency | 91.98.70.125 | No | HeadshotAI |
| images.pacing.agency | 91.99.193.35 | No | Notifuse image CDN |
| n8n.pacing.agency | 91.98.150.95 | No | N8n workflow automation |
| ttluserjourney.pacing.agency | 34.36.161.3 | No | User Journey Tool (Google Cloud Run) |
CNAME Records:
| Subdomain | Target | Proxy | Purpose |
|---|---|---|---|
| data.pacing.agency | eue.stape.net | No | Stape sGTM server |
| form.pacing.agency | domains.opnform.com | No | OpenForm |
| freeagent-mailer.pacing.agency | pm.mtasv.net | No | FreeAgent mailer |
| load.data.pacing.agency | leue.stape.net | No | Stape custom loader |
| pacing.agency | cdn.webflow.com | Yes | Main site (Webflow) |
| www.pacing.agency | cdn.webflow.com | Yes | Main site (Webflow) |
MX Records:
| Subdomain | Priority | Target | Purpose |
|---|---|---|---|
| pacing.agency | 1 | aspmx.l.google.com | Google Workspace |
| pacing.agency | 5 | alt1.aspmx.l.google.com | Google Workspace |
| pacing.agency | 5 | alt2.aspmx.l.google.com | Google Workspace |
| pacing.agency | 10 | alt3.aspmx.l.google.com | Google Workspace |
| pacing.agency | 10 | alt4.aspmx.l.google.com | Google Workspace |
| front-mail.pacing.agency | 100 | mx.sendgrid.net | FrontApp support |
| send.updates.pacing.agency | 10 | feedback-smtp.eu-west-1.amazonses.com | CRM1 (TwentyCRM) |
TXT Records:
| Subdomain | Value | Purpose |
|---|---|---|
| pacing.agency | v=spf1 include:_spf.google.com include:spf.mtasv.net include:_spf.freeagent.com ~all | SPF record |
| pacing.agency | google-site-verification=_iYPZPZnfhRF06EI7drtfQHpyOQIgzuQSBc8pbmDRII | Google Search Console |
| pacing.agency | google-site-verification=oiSUoEn_XBqNiDth2oE2Xa-WyQNibpclETYyQtvFgmM | Google Search Console |
| pacing.agency | pinterest-site-verification=240531e3e0e643455f627266dfb9582a | Pinterest verification |
| _dmarc.pacing.agency | v=DMARC1; p=none; rua=mailto:15f85ec1560545c6960f494ffb78da31@dmarc-reports.cloudflare.net; fo=1; pct=100; aspf=r; adkim=s | DMARC policy |
| _webflow.pacing.agency | one-time-verification=9c50407e-6e33-4500-8606-303122c4e1a0 | Webflow verification |
| google._domainkey.pacing.agency | DKIM key (Google) | Email authentication |
| fnt._domainkey.pacing.agency | DKIM key (FrontApp) | Email authentication |
| 20250303124725pm._domainkey.pacing.agency | DKIM key | Email authentication |
| front-mail.pacing.agency | v=spf1 include:sendgrid.net ~all | SPF (FrontApp) |
| send.updates.pacing.agency | v=spf1 include:amazonses.com ~all | SPF (CRM1) |
| resend._domainkey.updates.pacing.agency | DKIM key (Resend) | Email authentication |
pacingagency.com
Name servers:
- cheryl.ns.cloudflare.com
- greg.ns.cloudflare.com
A Records:
| Subdomain | IP | Proxy | Purpose |
|---|---|---|---|
| pacingagency.com | 49.13.82.194 | No | TwentyCRM instance |
| *.pacingagency.com | 49.13.82.194 | No | Wildcard (TwentyCRM) |
MX Records:
| Subdomain | Priority | Target | Purpose |
|---|---|---|---|
| pacingagency.com | 1 | smtp.google.com | |
TXT Records:
| Subdomain | Value | Purpose |
|---|---|---|
| pacingagency.com | google-site-verification=iHHzz4QGTEp6CwDG_fZCXxevCBr_zXMYr6n9N3-7lIE | Google Search Console |
pacingagency.co.uk
Name servers:
- cheryl.ns.cloudflare.com
- greg.ns.cloudflare.com
A Records:
| Subdomain | IP | Proxy | Purpose |
|---|---|---|---|
| pacingagency.co.uk | 192.0.2.1 | Yes | Main redirect (Cloudflare Rules) |
| mail.pacingagency.co.uk | 157.90.126.220 | No | Mail server |
CNAME Records:
| Subdomain | Target | Proxy | Purpose |
|---|---|---|---|
| autoconfig.pacingagency.co.uk | mail.pacingagency.co.uk | No | Email autoconfig |
| autodiscover.pacingagency.co.uk | mail.pacingagency.co.uk | No | Email autodiscover |
| mta-sts.pacingagency.co.uk | mail.pacingagency.co.uk | No | MTA-STS |
MX Records:
| Subdomain | Priority | Target | Purpose |
|---|---|---|---|
| pacingagency.co.uk | 10 | mail.pacingagency.co.uk | |
TXT Records:
| Subdomain | Value | Purpose |
|---|---|---|
| pacingagency.co.uk | v=spf1 mx a:mail.pacingagency.co.uk -all | SPF record |
| _dmarc.pacingagency.co.uk | v=DMARC1; p=reject; rua=mailto:postmaster@pacingagency.co.uk | DMARC policy (reject) |
| _mta-sts.pacingagency.co.uk | v=STSv1; id=20241204 | MTA-STS |
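The SPF and DMARC values recorded in the TXT tables above can be compared per domain with a small audit. This is an added example, not part of the original documentation or its scripts; it reads only the values documented on this page (live DNS may differ), and the function names and summary shape are assumptions.

```javascript
// Added example: TXT values are copied from the tables on this page; the
// function names and summary shape are assumptions of this sketch.
const TXT = [
  ["pacing.agency", "v=spf1 include:_spf.google.com include:spf.mtasv.net include:_spf.freeagent.com ~all"],
  ["_dmarc.pacing.agency", "v=DMARC1; p=none; rua=mailto:15f85ec1560545c6960f494ffb78da31@dmarc-reports.cloudflare.net; fo=1; pct=100; aspf=r; adkim=s"],
  ["pacingagency.com", "google-site-verification=iHHzz4QGTEp6CwDG_fZCXxevCBr_zXMYr6n9N3-7lIE"],
  ["pacingagency.co.uk", "v=spf1 mx a:mail.pacingagency.co.uk -all"],
  ["_dmarc.pacingagency.co.uk", "v=DMARC1; p=reject; rua=mailto:postmaster@pacingagency.co.uk"],
];
// RFC 7208 result names for the qualifier on the terminal "all" mechanism.
const SPF_RESULT = { "-": "fail", "~": "softfail", "?": "neutral", "+": "pass" };

function find(name, version) {
  // Exactly one record per name and version is valid; anything else counts as absent.
  const hits = TXT.filter(([n, v]) => n === name && v.toLowerCase().startsWith(version));
  return hits.length === 1 ? hits[0][1] : null;
}

function spfAll(record) {
  const term = record.split(/\s+/).find((t) => /^[-~?+]?all$/i.test(t));
  if (!term) return "no all mechanism";
  return SPF_RESULT[term.length === 4 ? term[0] : "+"]; // bare "all" means "+all"
}

function dmarcTags(record) {
  const tags = {};
  for (const part of record.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) tags[part.slice(0, eq).trim().toLowerCase()] = part.slice(eq + 1).trim();
  }
  return tags;
}

function auditDomain(domain) {
  const spf = find(domain, "v=spf1");
  const dmarc = find(`_dmarc.${domain}`, "v=dmarc1");
  const tags = dmarc ? dmarcTags(dmarc) : {};
  const policy = (tags.p || "").toLowerCase();
  const gaps = [];
  if (!spf) gaps.push("no SPF record documented");
  if (!dmarc) gaps.push("no DMARC record documented");
  else if (policy === "none") gaps.push("DMARC p=none: receivers are asked to take no action on failing mail");
  else if (policy !== "quarantine" && policy !== "reject") gaps.push("DMARC p tag missing or invalid");
  if (dmarc && !tags.rua) gaps.push("no rua: no aggregate reports");
  return { domain, spfAll: spf ? spfAll(spf) : null, dmarcPolicy: policy || null, gaps };
}
```

Calling `auditDomain` for each of the three zones gives one summary object per domain, with `gaps` empty only where both records are present and DMARC is enforcing.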
Infrastructure notes
Hetzner Cloud IPs:
- 91.98.226.29 - Comments, DAM (ResourceSpace)
- 91.99.193.35 - Email (Notifuse), Images (Notifuse CDN)
- 91.98.70.125 - Headshots (HeadshotAI)
- 91.98.150.95 - N8n
- 49.13.82.194 - TwentyCRM (pacingagency.com)
- 157.90.126.220 - Mail server (pacingagency.co.uk)
Other IPs:
- 134.209.40.56 - API forms, Forms (likely DigitalOcean or similar)
- 34.36.161.3 - User Journey Tool (Google Cloud Run)
Automation Scripts and Resources
- scripts/resources/cloudflare/cloudflare-fetch-zones.sh: Fetches zone information, DNS records, SSL settings, Workers routes, and redirect rules for all three domains via Cloudflare API.
- Output files: cloudflare-zones-full.json, cloudflare-zones-output.json (stored in scripts/resources/cloudflare/).
n8n Automations
Cache Clearing on Webflow Publish
Three active workflows automatically clear Cloudflare cache when Webflow sites are published:
| Workflow | Zone ID | Tags | Purpose |
|---|---|---|---|
| Pacing Website - Cache Clear On Publish | 7b33df94002298798689223a84510c73 | Pacing, Webflow, Cloudflare | Clears cache for pacing.agency on publish |
| TTL Website - Cache Clear On Publish | (TTL zone) | TTL, Webflow, Cloudflare | Clears cache for TTL client site on publish |
| HML Website - Cache Clear On Publish | (HML zone) | HML, Webflow, Cloudflare | Clears cache for HML client site on publish |
How it works:
- Webflow sends a webhook to n8n when a site is published
- n8n workflow receives the webhook and triggers a Cloudflare API call
- Cloudflare cache is purged using POST /zones/{zone_id}/purge_cache with {"purge_everything": true}
- Ensures fresh content is served immediately after Webflow publishes
Workflow IDs:
- Pacing: N11idwXDFWNwGYDh
- TTL: KowT1FqN6Xk6UoRE
- HML: lQvLaJJihWpebP6c
See tools/n8n.md for complete workflow documentation and scripts/resources/n8n/ for workflow backups.
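The purge step from "How it works", written so that a webhook can only trigger a purge for a zone on a fixed allowlist. This is an added example, not the code of the n8n workflows; the names `ZONES_BY_SITE`, `buildPurgeRequest`, `purgeZone`, the site key `pacing` and the token argument are assumptions.

```javascript
// Added example: identifiers here are assumptions, not taken from the n8n workflows.
const CF_API = "https://api.cloudflare.com/client/v4";

// Allowlist of zones this automation may purge. Only the pacing.agency zone ID
// appears on this page; client zones would be added the same way.
const ZONES_BY_SITE = Object.freeze({
  pacing: "7b33df94002298798689223a84510c73",
});

const ZONE_ID_RE = /^[0-9a-f]{32}$/;

function buildPurgeRequest(siteKey, apiToken) {
  // Resolve the zone from the allowlist; never take a zone ID from the webhook body.
  const known = Object.prototype.hasOwnProperty.call(ZONES_BY_SITE, siteKey);
  const zoneId = known ? ZONES_BY_SITE[siteKey] : undefined;
  if (!zoneId || !ZONE_ID_RE.test(zoneId)) {
    throw new Error(`refusing purge: unknown site "${siteKey}"`);
  }
  if (typeof apiToken !== "string" || apiToken.length === 0) {
    throw new Error("refusing purge: missing Cloudflare API token");
  }
  return {
    method: "POST",
    url: `${CF_API}/zones/${zoneId}/purge_cache`,
    headers: {
      Authorization: `Bearer ${apiToken}`, // token scoped to cache purge on these zones
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ purge_everything: true }),
  };
}

// Sends the request and fails loudly if Cloudflare does not report success.
async function purgeZone(siteKey, apiToken, fetchImpl = fetch) {
  const { url, ...init } = buildPurgeRequest(siteKey, apiToken);
  const res = await fetchImpl(url, init);
  const json = await res.json();
  if (!res.ok || json.success !== true) {
    throw new Error(`purge failed for ${siteKey}: HTTP ${res.status}`);
  }
  return json;
}
```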
Dependencies
- DNS and proxy configuration for all three domains.
- Downstream: GTM loader delivered over Cloudflare edge via Stape.
- Webflow CDN for main site.
- Various self-hosted services on Hetzner Cloud.
Zone Configuration
SSL/TLS Settings
| Domain | SSL Mode | Certificate Status | Last Modified |
|---|---|---|---|
| pacing.agency | Full | Active | 2025-05-08 |
| pacingagency.com | Strict | Active | 2025-10-07 |
| pacingagency.co.uk | Flexible | Active | 2024-07-22 |
Security Settings
- All domains: Security Level set to "Medium"
- HSTS enabled on main domain
Workers
pacing.agency
| Route Pattern | Worker Script | Purpose |
|---|---|---|
| *pacing.agency/sgtm* | stape-pacing | Stape server-side GTM routing |
Note: The worker stape-pacing handles requests to /sgtm* paths on the main domain, likely for server-side Google Tag Manager processing via Stape.
Call Tracking System Worker
Worker Name: pacing-call-tracking
Subdomain: pacing-call-tracking.hello-837.workers.dev
Purpose: Edge API for dynamic number insertion (DNI) and PPC call tracking
Features:
- Number pool allocation and management
- Session tracking with Cloudflare KV
- Attribution data storage (gclid, UTM parameters)
- Reporting API for call analytics
- Integration with Twilio Functions for call handling
Storage:
- KV Namespaces: SESSIONS, CLIENTS, POOL
- R2 Bucket: pacing-call-records (permanent call record storage)
Related Documentation:
- See tools/twilio.md for complete call tracking system documentation
- GitHub: https://github.com/automatestech/ppc-call-tracking
Redirect Rules
pacingagency.co.uk → pacing.agency
The redirect from pacingagency.co.uk to pacing.agency is configured via DNS (A record pointing to 192.0.2.1 with proxy enabled). The actual redirect logic is handled by Cloudflare's proxy layer or a Worker (to be confirmed).
Current configuration:
- DNS A record: pacingagency.co.uk → 192.0.2.1 (proxied)
- Comment in DNS: "Main Redirect - pacing.agency"
- No Transform Rules or Bulk Redirects found via API
Page Rules and Cache Rules
- No Page Rules currently configured on any domain
- Cache rules to be documented (if any)
TODO
- Document zone IDs and basic configuration
- Document SSL/TLS settings
- Document Workers routes
- Investigate redirect mechanism for pacingagency.co.uk (likely Worker or Transform Rule not visible via standard API)
- Document Browser Insights config and sampling
- Note WAF, bot, and rate-limit rules if active
- Document cache rules and page rules
- Document any additional Workers beyond stape-pacing