Audit Cloudflare configuration, WAF settings, and CDN security features.
Overview
Cloudflare provides powerful security features, but they need proper configuration. Our scanner checks for WAF enablement, bot management, security headers through Cloudflare, SSL mode, and whether the origin server is properly protected behind Cloudflare.
What this scanner does
The scanner detects Cloudflare presence, checks the SSL mode (Flexible vs. Full (strict)), tests for origin IP exposure, verifies WAF and bot management configuration, and checks Cloudflare-specific security headers and page rules.
Why it matters
Using Cloudflare in "Flexible" SSL mode creates a false sense of security — traffic between Cloudflare and your origin is unencrypted. An exposed origin IP lets attackers bypass Cloudflare entirely. Proper configuration is essential to benefit from Cloudflare's security features.
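The origin-side counterpart of these two risks, as an added example that is not part of the scanner described here: it flags requests that reached the origin without passing through Cloudflare and edge requests that arrived without TLS. The log format, function names and sample lines are constructed; the ranges are a snapshot of Cloudflare's published list and are assumed current.

```python
import ipaddress

# Snapshot of Cloudflare's published edge ranges (assumption: refresh from
# https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

def is_cloudflare(ip):
    """True if ip falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def audit_origin_log(lines):
    """Classify origin-side requests. Constructed log format:
    '<peer_ip> <tls:0|1> <method> <path>', where peer_ip is the TCP peer,
    not a client-supplied header such as X-Forwarded-For."""
    findings = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        try:
            peer, tls = parts[0], parts[1]
            from_edge = is_cloudflare(peer)
        except (IndexError, ValueError):
            findings.append((n, "unparsed"))
            continue
        if not from_edge:
            findings.append((n, "direct-to-origin"))    # did not come via Cloudflare
        elif tls != "1":
            findings.append((n, "plaintext-edge-hop"))  # review the SSL mode
    return findings

# Constructed sample lines; 198.51.100.7 and 2001:db8::5 are documentation addresses.
SAMPLE_LOG = [
    "104.16.12.34 1 GET /", "198.51.100.7 1 GET /admin",
    "172.68.1.9 0 POST /login", "2606:4700:10::1 1 GET /api",
    "2001:db8::5 0 GET /", "garbage",
]

if __name__ == "__main__":
    for lineno, finding in audit_origin_log(SAMPLE_LOG):
        print(lineno, finding)
```

A `direct-to-origin` finding means the origin accepts traffic from outside Cloudflare, which a firewall allowlist of the same ranges closes; a `plaintext-edge-hop` finding is consistent with Flexible mode and is a prompt to check the SSL setting.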
Common findings
OWASP Top 10 coverage