Plans — Bot Management for EnterpriseTo learn more about features and functionality, select a plan.
Bot Management for Enterprise Features
|Plan name||Bot Management for Enterprise|
|Availability||Added to Enterprise plans by your account team|
|Enablement||Quick onboarding with help from our Solutions Engineering team|
|Type of bots detected||Simple and sophisticated bots, headless browsers, and domain-specific anomalies|
|Actions||Customer chooses from several options, including block, CAPTCHA challenge, and JS challenge|
|Analytics||Dedicated Bot Analytics tool, available in the Firewall|
|Additional control||Ability to restrict by path, IP address, and more. Access to bot score, JA3 fingerprint, and bot tags fields.|
Bot detection engines
HeuristicsThe Heuristics engine processes all requests. Cloudflare conducts a number of heuristic checks to identify automated traffic, and requests are matched against a growing database of malicious fingerprints.
The Heuristics engine immediately gives automated requests a score of one.
The Machine Learning (ML) engine accounts for the majority of all detections, human and bot. This approach leverages our global network, which proxies billions of requests daily, to identify both automated and human traffic. We constantly train the ML engine to become more accurate and adapt to new threats. Most importantly, this engine learns from traffic across all Cloudflare domains and uses these insights to score traffic while honoring our .
The ML engine produces scores 2 through 99.
The Anomaly Detection (AD) engine is an optional detection engine that uses a form of unsupervised learning. Cloudflare records a baseline of your domain’s traffic and uses the baseline to intelligently detect outlier requests. This approach is user agent-agnostic and can be turned on or off by your account team.
JSD is enabled by default but completely optional. To adjust your settings, open the Bot Management Configuration page from Security > Bots.
Cloudflare serviceCloudflare Service is a special Bot Score source for Enterprise Zero Trust to avoid false positives.
A bot score of 0 means Bot Management did not run on the request. Cloudflare does not run Bot Management on internal service requests that Bot Management has no interest in blocking.
Workers subrequests from one Cloudflare zone to another Cloudflare zone do compute a bot score as it does not consider a site hosted on Cloudflare as internal.
Notes on detectionCloudflare uses the
__cf_bm cookieto identify bots. For more details, refer to .