How to Check if a Website Uses Cloudflare with OpDeck's Tool

May 1, 2026 / OpDeck Team
Cloudflare, Web Tools, Website Security, CDN Verification, Developer Resources

If you need to check if a website uses Cloudflare, you've landed in the right place. Whether you're a developer doing competitive research, a security analyst investigating infrastructure, or a site owner trying to verify your own CDN setup, knowing whether a target domain is sitting behind Cloudflare is genuinely useful information. This guide walks you through exactly how to do it — using both manual technical methods and a purpose-built tool that gives you instant, reliable answers.

Why You'd Want to Check If a Website Uses Cloudflare

Before diving into the how, let's briefly cover the why — because understanding the motivation shapes which method makes the most sense for you.

Competitive and infrastructure research is one of the most common reasons. If you're building a product or service and want to understand how competitors protect and deliver their web assets, knowing they use Cloudflare tells you a lot: they're likely using DDoS protection, a global CDN, and possibly Cloudflare's WAF (Web Application Firewall).

Security assessments are another major use case. Penetration testers and security researchers need to know if a target is behind Cloudflare because it changes how they approach reconnaissance. Cloudflare masks the origin server's real IP address, which means standard IP-based scanning won't reach the actual server.

Verifying your own setup is surprisingly common too. After configuring Cloudflare on a domain, many developers want to confirm the DNS changes have fully propagated and that traffic is actually routing through Cloudflare's network.

Debugging performance or connectivity issues sometimes requires knowing whether Cloudflare is in the mix. If a site is behaving unexpectedly — strange caching behavior, unexpected redirects, or unusual error pages — Cloudflare's presence (or absence) can explain a lot.

How Cloudflare Works: A Quick Technical Background

To understand how to detect Cloudflare, it helps to understand what Cloudflare actually does at the network level.

When a website uses Cloudflare, the domain's DNS records are changed to point to Cloudflare's anycast IP addresses rather than the origin server's IP. All incoming traffic flows through Cloudflare's edge network first, where it can be filtered, cached, optimized, and then forwarded to the origin server.

This means:

  • The IP addresses returned by a DNS lookup will belong to Cloudflare's IP ranges (typically in the 104.x.x.x, 172.64.x.x, or 198.41.x.x blocks)
  • HTTP response headers will contain Cloudflare-specific headers like cf-ray, cf-cache-status, and server: cloudflare
  • SSL certificates may be issued by Cloudflare or show Cloudflare in the certificate chain
  • Error pages (like 1020, 1006, or 522 errors) follow Cloudflare's branded format

Each of these signals can be used to detect Cloudflare's presence, which is exactly what detection tools look for.

The Fastest Way to Check If a Website Uses Cloudflare

The quickest and most reliable method is to use OpDeck's Cloudflare Detection tool. It's free, requires no signup, and gives you an immediate answer with supporting evidence.

Here's how to use it:

  1. Go to https://www.opdeck.co/tools/cloudflare
  2. Enter the domain or URL you want to check (e.g., example.com)
  3. Click the analyze button
  4. Review the results

The tool checks multiple signals simultaneously — DNS records, HTTP response headers, IP range lookups, and SSL certificate details — and presents a clear verdict: yes, this site uses Cloudflare, or no, it doesn't.

What makes this particularly useful compared to doing it manually is that it handles edge cases well. Some sites use Cloudflare only for certain subdomains, or they have partial configurations where some traffic goes through Cloudflare and some doesn't. The tool surfaces these nuances rather than giving you a simple binary answer that might be misleading.

Manual Methods to Check for Cloudflare

If you prefer to do the detection yourself — or want to understand what's happening under the hood — here are the main technical approaches.

Method 1: Check HTTP Response Headers

The most reliable single indicator of Cloudflare is the presence of Cloudflare-specific HTTP headers. You can check these with curl:

curl -I https://example.com

Look for these headers in the response:

server: cloudflare
cf-ray: 7a1b2c3d4e5f6789-IAD
cf-cache-status: DYNAMIC

The cf-ray header is particularly definitive — it's a unique request identifier that Cloudflare adds to every request passing through its network. If you see cf-ray in the response headers, the site is definitely using Cloudflare.

The server: cloudflare header is also strong evidence, although in theory any server could send this value itself (there's rarely any reason to).

cf-cache-status tells you whether Cloudflare served the response from cache (HIT), bypassed the cache (BYPASS), or the content was dynamic (DYNAMIC).

Here's a curl command that filters the response down to just the relevant headers:

curl -sI https://example.com | grep -i "cf-\|server:"

This filters the output to show only Cloudflare-related headers and the server header, making it easier to scan the results quickly.

Method 2: DNS Lookup

Checking the DNS records of a domain can reveal Cloudflare's involvement. When a domain is proxied through Cloudflare (the orange cloud in Cloudflare's DNS dashboard), its A records resolve to Cloudflare's IP addresses.

Use dig to check:

dig A example.com

Or with nslookup:

nslookup example.com

If the returned IP addresses fall within Cloudflare's published IP ranges, the site is using Cloudflare's proxy. Cloudflare publishes their IP ranges at https://www.cloudflare.com/ips/, but the key ranges to recognize are:

103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
104.16.0.0/13
104.24.0.0/14
108.162.192.0/18
131.0.72.0/22
141.101.64.0/18
162.158.0.0/15
172.64.0.0/13
173.245.48.0/20
188.114.96.0/20
190.93.240.0/20
197.234.240.0/22
198.41.128.0/17

If the IP returned by your DNS lookup falls into any of these ranges, the domain is proxied through Cloudflare.

Note that some domains use Cloudflare's DNS service (for management purposes) without proxying their traffic through Cloudflare. In that case, the DNS records will show the origin server's IP, not a Cloudflare IP. The nameservers themselves will be something like alice.ns.cloudflare.com and bob.ns.cloudflare.com, which tells you the domain uses Cloudflare for DNS management — but traffic may not be going through the CDN/proxy layer.

Method 3: Check Nameservers

To see if a domain uses Cloudflare for DNS (even if not proxying traffic), check the nameservers:

dig NS example.com

Cloudflare nameservers follow the pattern [name].ns.cloudflare.com. If you see these, the domain's DNS is managed through Cloudflare, which is a strong indicator that Cloudflare is involved in the site's infrastructure even if the proxy isn't enabled for every record.

Method 4: SSL Certificate Inspection

Cloudflare issues SSL certificates for domains using its proxy service. You can inspect the SSL certificate to look for Cloudflare's fingerprints:

echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -issuer -subject

Cloudflare-issued certificates often show an issuer like:

issuer= /C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3

However, this method is less reliable than header inspection because site owners can use their own certificates even when behind Cloudflare (using Cloudflare's "Full (Strict)" SSL mode with a custom certificate).

Method 5: Look for Cloudflare Error Pages

If you trigger an error on the site (or if the site is temporarily down), Cloudflare's error pages are visually distinctive. They typically show a Cloudflare logo, a Ray ID in the format Ray ID: 7a1b2c3d4e5f6789, and error codes like:

  • 1000-1099: Cloudflare DNS resolution errors
  • 520-527: Origin server errors (Cloudflare couldn't reach the origin)
  • 1020: Access denied by Cloudflare's firewall rules

These error pages are a definitive signal, but you obviously can't rely on triggering errors just to detect Cloudflare.

What the Results Actually Mean

Once you've confirmed a site uses Cloudflare — whether through the OpDeck tool or manual methods — here's what that tells you:

The Origin IP Is Hidden

This is the most significant implication for security research and reconnaissance. The IP addresses you see in DNS are Cloudflare's, not the origin server's. Finding the real origin IP requires other techniques (historical DNS records, SSL certificate transparency logs, mail server records, etc.) and is considerably more difficult.

DDoS Protection Is Active

Cloudflare provides DDoS mitigation by default for all proxied domains. This means volumetric attacks are absorbed at Cloudflare's edge before reaching the origin.

A WAF May Be in Place

Depending on the Cloudflare plan, a Web Application Firewall may be filtering requests. This is relevant for security testing — some payloads may be blocked before reaching the application.

Caching Is Likely Involved

Cloudflare caches static assets (and sometimes dynamic content) at its edge nodes. This means the content you're seeing might not reflect the very latest version on the origin server, and cache-related headers (cf-cache-status) can tell you whether a response was served from cache.

Performance Is Optimized

Cloudflare's CDN distributes content globally, so the site likely loads faster for users in different geographic regions than it would from a single origin server.

Checking If a Specific Subdomain Uses Cloudflare

It's worth noting that Cloudflare can be enabled on a per-record basis. A company might proxy their main website (www.example.com) through Cloudflare but have their API subdomain (api.example.com) pointing directly to an origin server without Cloudflare's proxy.

To check a specific subdomain, run the same DNS and header checks against that subdomain explicitly:

curl -sI https://api.example.com | grep -i "cf-\|server:"
dig A api.example.com

The OpDeck Cloudflare Detection tool also accepts subdomains, so you can check individual records rather than just the apex domain.

Common False Positives and Edge Cases

A few scenarios can complicate Cloudflare detection:

Cloudflare for Teams / Access: Some organizations use Cloudflare Access to protect internal applications. The Cloudflare headers will be present, but the use case is authentication/access control rather than CDN/performance.

Cloudflare Workers: Sites built on Cloudflare Workers respond from Cloudflare's infrastructure by design — there may not be a traditional origin server at all. The cf-ray header will be present, but the architecture is fundamentally different from a traditional website with Cloudflare as a proxy.

Partial Cloudflare usage: As mentioned, some DNS records are proxied and some aren't. A domain might use Cloudflare's CDN for the web frontend but direct connections for SMTP or FTP.

Cloudflare Spectrum: This extends Cloudflare's protection to non-HTTP protocols (TCP/UDP). Detection methods based on HTTP headers won't work for these.

Automating Cloudflare Detection at Scale

If you need to check multiple domains — say, you're analyzing a list of competitors or auditing a large portfolio of sites — you can script the header check:

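#!/bin/bash
# Check each domain for the cf-ray response header.
domains=("example1.com" "example2.com" "example3.com")

for domain in "${domains[@]}"; do
  # --max-time keeps one unresponsive host from stalling the whole run;
  # the anchored pattern matches the header name, not a value that mentions it
  if curl -sI --max-time 10 "https://$domain" | grep -qi '^cf-ray:'; then
    echo "$domain: Uses Cloudflare ✓"
  else
    echo "$domain: No Cloudflare detected"
  fi
done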

This script checks for the cf-ray header as the primary signal. You could extend it to also check DNS records and nameservers for a more comprehensive detection.
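
An added example (not OpDeck's code and not part of the original post) that combines the header, A-record and nameserver signals from Methods 1 to 3 into one verdict, so a proxied domain is told apart from one that only uses Cloudflare DNS. It works on captured `curl -sI` and `dig +short` output; the function names, verdict labels and sample inputs are assumptions made for the illustration.

```python
import ipaddress

# IPv4 ranges exactly as listed on this page; compare with https://www.cloudflare.com/ips/
CLOUDFLARE_RANGES = [ipaddress.ip_network(c) for c in (
    "103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 "
    "108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 "
    "173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17"
).split()]

def parse_headers(raw):
    """Parse `curl -sI` output into {lower-cased name: value}; the status line has no colon."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def in_cloudflare_range(ip):
    """Exact CIDR match; a glance at the first octets misleads (198.41.0.4 is outside 198.41.128.0/17)."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:  # `dig +short` can also print CNAME targets
        return False
    return any(addr in net for net in CLOUDFLARE_RANGES)

def classify(raw_headers, a_records, ns_records):
    """Return (verdict, signals) from captured curl -sI, dig +short A and dig +short NS output."""
    h = parse_headers(raw_headers)
    signals = {
        "cf_ray": "cf-ray" in h,
        "server": h.get("server", "").lower() == "cloudflare",
        "edge_ip": any(in_cloudflare_range(ip) for ip in a_records),
        "cf_dns": any(ns.lower().rstrip(".").endswith(".ns.cloudflare.com") for ns in ns_records),
    }
    if signals["edge_ip"]:
        verdict = "proxied"
    elif signals["cf_ray"] or signals["server"]:
        verdict = "headers-only"  # headers present, A records outside the ranges listed above
    elif signals["cf_dns"]:
        verdict = "dns-only"      # Cloudflare nameservers, A records point at the origin
    else:
        verdict = "not-detected"
    return verdict, signals

# Constructed sample inputs, not real lookups.
SAMPLES = {
    "proxied.example": ("HTTP/2 200\r\nserver: cloudflare\r\ncf-ray: 7a1b2c3d4e5f6789-IAD\r\n",
                        ["104.16.0.10"], ["alice.ns.cloudflare.com."]),
    "dnsonly.example": ("HTTP/1.1 200 OK\r\nServer: nginx\r\n",
                        ["203.0.113.10"], ["alice.ns.cloudflare.com.", "bob.ns.cloudflare.com."]),
    "other.example": ("HTTP/1.1 200 OK\r\nServer: nginx\r\n", ["198.51.100.7"], ["ns1.example.net."]),
}
```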

Conclusion

Knowing how to check if a website uses Cloudflare is a practical skill with applications across development, security research, competitive analysis, and infrastructure auditing. The fastest route is using OpDeck's Cloudflare Detection tool, which automates the multi-signal analysis and gives you clear, actionable results in seconds. For those who prefer hands-on inspection, the manual methods — HTTP header analysis, DNS lookups, nameserver checks, and SSL certificate inspection — give you the same information with more visibility into the underlying signals.

Ready to check a domain right now? Head over to OpDeck's Cloudflare Detection tool and get your answer instantly. And if you're doing broader infrastructure research, OpDeck's full suite of tools covers everything from DNS lookups to SSL certificate checks, tech stack detection, and security header analysis — all in one place.