Web Application Firewall
Captain WAF is using OWASP Core Rule Set which is an additional layer of security for your distribution that protects from the most common vulnerabilities, including the OWASP Top 10.
On - Enable WAF
Off - Disable WAF
Detection Only - This config tells CDN to log HTTP transactions, but takes no action when an attack is detected.