Welcome WAF Tester
The Cloudflare Web Application Firewall (Cloudflare WAF) checks incoming web and API requests and filters undesired traffic based on sets of rules called rulesets.
Learn more about the product
here
Query parameter names for XSS
XSS in HTML context -
?globalHtml=payload
XSS in HTML attribute context -
?attributeHtml=payload
Mandatory Requirement
Test report should clearly show evidence of bypass
Example: for XSS bypass, you must execute arbitrary Javascript. This means an alert(1) pop-up at minumum.