public diagnostic tool

WAF detector for public HTTP signals

Check response status, headers, cookies, and a small body sample for common WAF, CDN, and anti-bot fingerprints. Results are evidence based, not a promise about enforcement.

Public http(s) URLs only. Private network and localhost targets are rejected.
latest diagnosis

preview output

run a check to replace the preview
detected providernone

https://example.com/

confidence18%

observational confidence from observable public signals

status200

reachable / OK

signals

2
  • No high-confidence WAF headers were present in the sampled response.
  • Standard public HTTP response completed successfully.

headers

2
serverexample-edge
content-typetext/html; charset=utf-8

recommendations

reliability
  • Use this as a quick first pass, then confirm with your own edge and WAF logs.
  • Run checks from several networks if the site uses regional routing or split traffic.
search notes

Identify public WAF and CDN signals before extraction

The WAF detector checks observable response signals from a public URL and groups them into provider hints with confidence scoring. It is built for diagnosis, monitoring design, and reliability planning.

What it checks

  • Cloudflare, DataDome, Akamai, PerimeterX/HUMAN, Imperva, Fastly, CloudFront, and Vercel hints
  • Status category, response headers, cookies, and small body fingerprints
  • Confidence score and plain-language signal list
  • Recommendations for monitoring reliability and browser/session testing

Use cases

  • Find protected B2B catalog pages before building a supplier monitor
  • Explain why a direct HTTP script works on one site and fails on another
  • Build a target inventory grouped by CDN or WAF behavior
  • Prepare a technical discovery note for a scraping or data API prospect

Limitations

  • Providers can change signals or hide them behind regional routing.
  • A CDN signal does not always mean a bot challenge is active.
  • The detector reads public signals only and does not authenticate or solve challenges.
faq

Common questions

How can I detect Cloudflare or DataDome on a site?

Look for provider-specific headers, cookies, status patterns, and challenge-page text. This tool checks those public signals and reports a confidence score.

Is a WAF detector the same as a scraper?

No. A WAF detector is a diagnostic tool. It helps decide how to test reliability, not extract protected data by itself.

Why does a WAF signal matter for SEO or data monitoring?

A WAF signal can affect how often a monitor succeeds, whether browser rendering is required, and how carefully retries, sessions, and alerting should be designed.

related tools
Scrapability testStructured data extractorRobots.txt analyzer