Onion Routing and Tor support
Improve the Tor user experience by enabling Onion Routing, which enables Cloudflare to serve your website’s content directly through the Tor network and without requiring exit nodes.
| Free | Pro | Business | Enterprise | |
|---|---|---|---|---|
Availability | Yes | Yes | Yes | Yes |
Onion Routing helps improve Tor browsing as follows:
- Tor users no longer access your site via exit nodes, which can sometimes be compromised, and may snoop on user traffic.
- Human Tor users and bots can be distinguished by our Onion services, such that interactive challenges are only served to malicious bot traffic.
Tor Browser ↗ users receive an alt-svc header ↗ as part of the response to the first request to your website. The browser then creates a Tor Circuit to access this website using the .onion TLD service provided by this header.
You should note that the visible domain in the user interface remains unchanged, as the host header and the SNI are preserved. However, the underlying connection changes to be routed through Tor, as the UI denotes on the left of the address bar ↗ with a Tor Circuit. Cloudflare does not provide a certificate for the .onion domain provided as part of alt-svc flow, which therefore cannot be accessed via HTTPS.
To enable Onion Routing in the dashboard:
- Log in to your Cloudflare account ↗, and select your account and domain.
- Go to Network.
- For Onion Routing, switch the toggle to On.
To enable Onion Routing with the API, send a PATCH request with opportunistic_onion as the setting name in the URI path, and the value parameter set to "on".
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark