Cloudflare configuration for origin access protection

I’m setting up an application on platform, the application will have Cloudflare in front as a CDN.

The documentation for doing this sort of thing mentions using HTTP Authentication:
and says that this is the recommended way to protect access to the origin when using Cloudflare.

But I can’t see how to add the custom HTTP header with the authentication details that Cloudflare will add to each request, is it a page rule? If so, which rule? Am I missing something? Do I need to be on a specific paid level of plan for cloudflare?