Skip to content
Bots
Visit Bots on GitHub
Set theme to dark (⇧+D)

Cloudflare bot plans

To learn more about features and functionality, select a plan.

FreeProBusinessBot Management for Enterprise

Business features

Plan nameSuper Bot Fight Mode
AvailabilityAll Business customers and Enterprise customers without Bot Management*
EnablementToggle in Firewall > Bots
Type of bots detectedSimple bots, headless browsers, and many sophisticated bots
ActionsCustomer chooses whether to allow, block, or challenge
AnalyticsDedicated Bot Analytics tool, available in the Firewall
Additional controlApplied to all traffic across a domain

*When users purchase Bot Management for Enterprise, Cloudflare automatically replaces and disables other bot products to prevent overlap.

Bot detection engines

Heuristics

The Heuristics engine processes all requests. Cloudflare conducts a number of heuristic checks to identify automated traffic, and requests are matched against a growing database of malicious fingerprints.

Machine learning

The Machine Learning (ML) engine accounts for the majority of all detections, human and bot. This approach leverages our global network, which proxies billions of requests daily, to identify both automated and human traffic. We constantly train the ML engine to become more accurate and adapt to new threats. Most importantly, this engine learns from traffic across all Cloudflare domains and uses these insights to score traffic while honoring our strict privacy standards.

The ML engine identifies likely automated traffic.

JavaScript detections

The JavaScript Detections (JSD) engine identifies headless browsers and other malicious fingerprints. This engine performs a lightweight, invisible JavaScript injection on the client side of any request while honoring our strict privacy standards. We do not collect any personally identifiable information during the process. The JSD engine either blocks, challenges, or passes requests to other engines.

JSD is completely optional. To adjust your settings, configure Super Bot Fight Mode from Firewall > Bots.

Notes on detection

Cloudflare uses the __cf_bm cookie to identify bots. For more details, see Understanding Cloudflare Cookies.

Considerations

Bot Fight Mode and Super Bot Fight Mode use the same underlying technology that powers our Bot Management product. Specifically, these products:

  • Protect entire domains without endpoint restrictions
  • Cannot be customized, adjusted, or reconfigured via Firewall Rules

Although these products are designed to fight malicious actors on the Internet, they may challenge API or mobile app traffic. For more granular control, upgrade to Bot Management for Enterprise.

How do I get started?

To get started, review our setup guides. If you have any questions, visit the community to engage with other Cloudflare users.