How to Detect Cloudflare CDN on a Website: A Step-by-Step Guide
If you've ever wondered how to detect Cloudflare CDN on a website, you're not alone. Whether you're doing competitive research, troubleshooting network issues, auditing a client's infrastructure, or just curious about how a site is set up, identifying Cloudflare's presence is a surprisingly useful skill. The good news is there are several reliable methods — from quick manual checks to dedicated tools — that can tell you definitively whether a site is running behind Cloudflare's network. This guide walks you through every approach, step by step.
Why You'd Want to Detect Cloudflare on a Website
Before diving into the methods, it's worth understanding why this matters. Cloudflare is one of the most widely deployed CDN and security services on the internet, powering millions of websites. Knowing whether a site uses Cloudflare can tell you a lot:
- Security posture: Cloudflare provides DDoS protection, a Web Application Firewall (WAF), and bot mitigation. If a site uses it, certain attack vectors are likely blocked.
- Performance expectations: Cloudflare caches static assets globally, so you can expect faster load times for geographically distributed users.
- Infrastructure insights: Knowing the CDN in use helps you understand the tech stack, which is useful for competitive analysis or due diligence.
- Troubleshooting: If a site is behaving unexpectedly — blocking your requests, returning cached content, or showing unusual headers — Cloudflare might be the reason.
- Penetration testing prep: Security researchers need to know if a WAF is in place before testing, to understand what protections are active.
Now let's get into the actual detection methods.
Method 1: Use OpDeck's Cloudflare Detection Tool
The fastest and most straightforward way to detect Cloudflare CDN on a website is to use the Cloudflare Detection tool on OpDeck. It's purpose-built for exactly this task — you enter a URL, and it analyzes the site's HTTP headers, DNS records, and other signals to determine whether Cloudflare is in use.
How to Use It
- Go to https://www.opdeck.co/tools/cloudflare
- Enter the full URL of the website you want to check (e.g., https://example.com)
- Click the analyze button
- Review the results — you'll see a clear indication of whether Cloudflare is detected, along with the specific signals that triggered the detection
The tool checks for multiple Cloudflare fingerprints simultaneously, so you get a comprehensive answer rather than having to manually piece together clues from different sources. It's particularly useful when you need quick results without opening a terminal or browser developer tools.
Method 2: Check HTTP Response Headers Manually
If you prefer a hands-on approach, HTTP headers are one of the most reliable indicators of Cloudflare's presence. Cloudflare injects several distinctive headers into responses that pass through its network.
Using curl
Open your terminal and run:
curl -I https://example.com
The -I flag tells curl to fetch only the headers. Look for these Cloudflare-specific signals in the output:
CF-Ray header
CF-Ray: 7d3f8a2b1c4e5f6a-LHR
This is the most definitive indicator. The CF-Ray header is added by Cloudflare to every request that passes through its network. The alphanumeric string is a unique request identifier, and the three-letter suffix (like LHR for London Heathrow) indicates which Cloudflare data center handled the request.
Server: cloudflare header
Server: cloudflare
When Cloudflare is acting as a reverse proxy, it often replaces or overrides the origin server's Server header with its own identifier.
CF-Cache-Status header
CF-Cache-Status: HIT
This header indicates whether the response was served from Cloudflare's cache (HIT), passed through to the origin (MISS), or revalidated (REVALIDATED).
CF-Connecting-IP or CF-Worker headers
These appear in certain configurations, particularly when Cloudflare Workers are in use.
A More Verbose curl Command
For even more detail, use:
curl -sv -o /dev/null https://example.com 2>&1 | grep -iE "cf-|server:"
This filters the verbose output to show only Cloudflare-related headers and the server header, making it easier to spot the signals.
Method 3: Perform a DNS Lookup
Cloudflare's CDN works by routing traffic through its anycast network. When a domain uses Cloudflare, its DNS records typically resolve to IP addresses owned by Cloudflare rather than the origin server's actual IP.
Using dig
dig example.com
Look at the ANSWER SECTION of the output. You'll see one or more IP addresses. Cloudflare's IP ranges are publicly documented. Some common Cloudflare IP blocks include:
- 104.16.0.0/13
- 104.24.0.0/14
- 172.64.0.0/13
- 131.0.72.0/22
- 2606:4700::/32 (IPv6)
If the resolved IP falls within any of these ranges, the site is almost certainly behind Cloudflare.
Using nslookup
nslookup example.com
The output will show the IP address(es) the domain resolves to. Cross-reference these against Cloudflare's published IP ranges, which you can find at https://www.cloudflare.com/ips/.
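The cross-referencing step can be scripted. The following Python is an added example, not part of the original guide: it checks each address in `dig +short` output against only the five blocks listed above (the authoritative list is at https://www.cloudflare.com/ips/). The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Blocks quoted in this guide; the full, current list is published by Cloudflare.
CLOUDFLARE_BLOCKS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13",
    "131.0.72.0/22", "2606:4700::/32",
)]

def match_block(address):
    """Return the listed Cloudflare block containing `address`, or None."""
    ip = ipaddress.ip_address(address)  # raises ValueError if not an IP
    for net in CLOUDFLARE_BLOCKS:
        if ip.version == net.version and ip in net:
            return str(net)
    return None

def classify_dig_output(text):
    """Map each address in `dig +short` output to its matching block (or None).

    Lines that are not IP addresses, such as CNAME targets, are skipped.
    """
    results = {}
    for line in text.splitlines():
        token = line.strip()
        try:
            results[token] = match_block(token)
        except ValueError:
            continue  # e.g. "www.example.net." from a CNAME chain
    return results

# Constructed sample: `dig +short A` and `dig +short AAAA` output pasted together.
SAMPLE = """\
www.example.net.
104.18.20.10
172.67.1.1
2606:4700:3030::6815:140a
203.0.113.45
"""

if __name__ == "__main__":
    for addr, block in classify_dig_output(SAMPLE).items():
        print(f"{addr:28} {block or 'not in listed ranges'}")
```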
Checking the Nameservers
Another DNS-based signal is the nameservers themselves. If a domain has delegated DNS management to Cloudflare, you'll see Cloudflare nameservers:
dig NS example.com
Cloudflare nameservers typically follow the pattern *.ns.cloudflare.com, for example:
name.ns.cloudflare.com
vera.ns.cloudflare.com
Not all sites using Cloudflare's CDN use Cloudflare's nameservers (some use CNAME setups through their own DNS providers), but this is a strong signal when present.
Method 4: Check the SSL Certificate
Cloudflare issues SSL certificates for sites on its network, and these certificates carry distinctive characteristics.
Using openssl
openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509 -noout -issuer -subject
Look at the issuer field. Certificates issued by Cloudflare will show something like:
issuer=C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Or for Universal SSL:
issuer=C=US, O=Let's Encrypt, CN=R3
Note that Cloudflare also uses Let's Encrypt certificates in some configurations, so this method is most useful when combined with other signals. The Subject Alternative Names (SANs) on Cloudflare's shared certificates often include multiple unrelated domains, which is another telltale sign.
Using a Browser
You can also check this directly in your browser:
- Navigate to the website
- Click the padlock icon in the address bar
- Click "Certificate" or "View Certificate"
- Look at the "Issued By" field — if it says Cloudflare, Inc., the site is using Cloudflare's SSL
Method 5: Analyze Response Headers in Browser DevTools
If you don't want to use the command line, your browser's developer tools give you the same information with a visual interface.
Step-by-Step in Chrome or Firefox
- Open the website you want to check
- Press F12 (or Ctrl+Shift+I / Cmd+Option+I on Mac) to open DevTools
- Click the Network tab
- Reload the page (Ctrl+R or Cmd+R)
- Click on the first request in the list (usually the HTML document itself)
- Click the Headers tab in the right panel
- Scroll down to the Response Headers section
Look for the same signals described in Method 2: CF-Ray, Server: cloudflare, and CF-Cache-Status. If any of these are present, Cloudflare is in use.
This approach is particularly handy when you're already browsing a site and want a quick check without switching to a terminal.
Method 6: Use the Cloudflare Trace Endpoint
Cloudflare exposes a special diagnostic endpoint on every domain it proxies. If you can access this endpoint, it's a definitive confirmation.
Simply navigate to:
https://example.com/cdn-cgi/trace
If the site is behind Cloudflare, you'll see a plain-text response like this:
fl=123f123
h=example.com
ip=203.0.113.45
ts=1698765432.123
visit_scheme=https
uag=Mozilla/5.0 (...)
colo=LHR
sliver=none
http=http/2
loc=GB
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519
Key fields to note:
- colo: The Cloudflare data center that served the request (three-letter IATA airport code)
- fl: Cloudflare's internal flight number
- http: The HTTP protocol version used
If this URL returns a 404 or any non-Cloudflare response, the site is not using Cloudflare's proxy (though it might still use other Cloudflare products like DNS-only mode).
This is arguably the most reliable manual detection method because it requires no interpretation — if the endpoint responds, Cloudflare is actively proxying the traffic.
Method 7: Check for Cloudflare-Specific Cookies
When Cloudflare's bot protection or security features are active, it sets specific cookies on the client side. These are another fingerprint to look for.
Common Cloudflare cookies include:
- __cfduid (deprecated but still seen on older configurations)
- __cf_bm — Cloudflare Bot Management cookie
- cf_clearance — Set after a visitor passes a Cloudflare challenge (like a CAPTCHA or JavaScript challenge)
To check for these:
- Open DevTools in your browser (F12)
- Go to the Application tab (Chrome) or Storage tab (Firefox)
- Expand Cookies in the left sidebar
- Look for cookies with the __cf_ or cf_ prefix
The presence of these cookies strongly suggests Cloudflare is managing traffic to the site.
How to Detect Cloudflare When It's Partially Configured
Not every Cloudflare deployment is in full proxy mode. Some sites use Cloudflare for DNS management only (indicated by a grey cloud in Cloudflare's dashboard, known as "DNS-only" mode). In this case:
- The CF-Ray header will not be present in responses
- The IP addresses will resolve to the origin server, not Cloudflare's network
- The /cdn-cgi/trace endpoint will not work
However, you can still detect Cloudflare's involvement by checking the nameservers:
dig NS example.com
If the nameservers are *.ns.cloudflare.com, Cloudflare is managing DNS for the domain, even if it's not proxying traffic.
Combining Methods for Reliable Detection
No single method is 100% foolproof in every situation. Some sites use Cloudflare in unusual configurations, or they may strip certain headers. For the most reliable detection, combine multiple methods:
| Method | Reliability | Effort |
|---|---|---|
| OpDeck Cloudflare Detection Tool | Very High | Very Low |
| CF-Ray header check | Very High | Low |
| /cdn-cgi/trace endpoint | Very High | Low |
| DNS IP range check | High | Medium |
| SSL certificate issuer | Medium | Medium |
| Cloudflare cookies | Medium | Low |
| Nameserver check | Medium (DNS-only mode) | Low |
The Cloudflare Detection tool on OpDeck essentially runs many of these checks simultaneously and presents the results in one place, which is why it's the recommended starting point for most use cases.
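One way to combine the signals, as an added example that is neither OpDeck's tool nor code from this guide: it takes saved `curl -I` output, the body returned by /cdn-cgi/trace, and the `dig NS` answers, and separates full proxy mode from DNS-only mode. The function names, verdict labels and sample inputs are constructed assumptions.

```python
def parse_headers(raw):
    """Parse saved `curl -I` output into {lower-cased name: value}."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def parse_trace(body):
    """Parse /cdn-cgi/trace key=value lines; {} if the body is not trace output."""
    fields = dict(ln.split("=", 1) for ln in body.splitlines() if "=" in ln)
    return fields if {"fl", "h", "colo"} <= fields.keys() else {}

def assess(raw_headers, trace_body, nameservers):
    """Return (verdict, signals); the verdict labels are this example's own."""
    h, trace = parse_headers(raw_headers), parse_trace(trace_body)
    signals = []
    if "cf-ray" in h:
        signals.append("cf-ray colo=" + h["cf-ray"].rsplit("-", 1)[-1])
    if h.get("server", "").lower() == "cloudflare":
        signals.append("server: cloudflare")
    if "cf-cache-status" in h:
        signals.append("cf-cache-status: " + h["cf-cache-status"])
    if trace:
        signals.append("trace colo=" + trace["colo"])
    cf_dns = any(ns.lower().rstrip(".").endswith(".ns.cloudflare.com")
                 for ns in nameservers)
    if cf_dns:
        signals.append("cloudflare nameservers")
    # CF-Ray or a valid trace body means traffic is proxied; nameservers alone
    # only show that Cloudflare hosts the DNS zone (DNS-only mode).
    proxied = "cf-ray" in h or bool(trace)
    return ("proxied" if proxied else "dns-only" if cf_dns else "not detected"), signals

# Constructed sample inputs (values modelled on the examples in this guide).
PROXIED_HEADERS = "HTTP/2 200\r\nserver: cloudflare\r\ncf-ray: 7d3f8a2b1c4e5f6a-LHR\r\ncf-cache-status: HIT\r\n"
TRACE_BODY = "fl=123f123\nh=example.com\ncolo=LHR\nhttp=http/2\n"
ORIGIN_HEADERS = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
NOT_FOUND_BODY = '<html lang="en"><title>404 Not Found</title></html>\n'

if __name__ == "__main__":
    print(assess(PROXIED_HEADERS, TRACE_BODY, ["name.ns.cloudflare.com."]))
    print(assess(ORIGIN_HEADERS, NOT_FOUND_BODY, ["vera.ns.cloudflare.com."]))
    print(assess(ORIGIN_HEADERS, NOT_FOUND_BODY, ["ns1.example.net."]))
```

An HTML error page returned for /cdn-cgi/trace is rejected by `parse_trace` because it lacks the `fl`, `h` and `colo` keys, so a 404 body never counts as a trace signal.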
Practical Scenarios and What to Look For
Scenario 1: You're a developer debugging a caching issue
Check the CF-Cache-Status header. A value of HIT means Cloudflare served a cached copy. If you're not seeing your latest changes, you may need to purge the Cloudflare cache. The Age header will also tell you how long the cached response has been stored.
Scenario 2: You're doing competitive research
Use the OpDeck tool for a quick check, then follow up with a DNS lookup to understand the full picture — whether they're using Cloudflare for proxying, DNS, or both.
Scenario 3: You're a security researcher
The /cdn-cgi/trace endpoint and header analysis will tell you which Cloudflare data center is handling traffic, what HTTP version is in use, and whether features like Cloudflare Gateway or WARP are active — all useful context before testing.
Scenario 4: You're auditing a client's website
Run the site through the OpDeck Cloudflare Detection tool as part of a broader infrastructure audit. It gives you a clear, shareable result that non-technical stakeholders can understand.
Conclusion
Detecting Cloudflare CDN on a website is straightforward once you know what to look for. The most definitive signals are the CF-Ray response header, the /cdn-cgi/trace endpoint, and IP addresses resolving to Cloudflare's known ranges. For a quick, reliable answer without any manual work, the Cloudflare Detection tool on OpDeck handles the heavy lifting for you — checking multiple signals at once and giving you a clear result in seconds.
Whether you're a developer, security researcher, or someone doing technical due diligence, understanding how to detect Cloudflare CDN on a website is a foundational skill for working with the modern web. Head over to OpDeck to run your first check, and explore the other tools available for deeper infrastructure and performance analysis.