Cloudflare zones are assessed for Browser Integrity Check configuration by verifying that HTTP headers are analyzed to identify requests from bots or clients with missing/invalid browser signatures.
Risk
Without Browser Integrity Check, malformed or suspicious requests reach the origin.
- Confidentiality: basic bots can access and scrape content without challenge
- Integrity: requests with invalid headers may exploit application vulnerabilities
- Availability: automated traffic without browser signatures consumes resources
Run this check with Prowler CLI
prowler cloudflare --checks zone_browser_integrity_check_enabled
Recommendation
Enable Browser Integrity Check to filter basic bot traffic.
- Validates HTTP headers to identify non-browser requests
- Challenges requests with missing or invalid browser signatures
- Enabled by default on most Cloudflare plans
- Low impact on legitimate users with standard browsers
Remediation
Terraform
Other
- Log in to the Cloudflare dashboard and select your account and domain
- Go to Security > Settings
- Enable Browser Integrity Check
- This feature is enabled by default on most Cloudflare plans
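To confirm the setting across zones without the dashboard, the added example below (not Prowler's code and not part of the original page) evaluates the JSON returned for the zone setting and treats anything that is not provably "on" as a failure. It assumes the Cloudflare API v4 endpoint GET /zones/{zone_id}/settings/browser_check; the function names and the sample responses are constructed for illustration.

```python
import json

# Assumption: Cloudflare API v4 exposes this zone setting at
# GET /zones/{zone_id}/settings/browser_check and returns the usual
# {"success": ..., "result": {"id": ..., "value": "on"|"off"}} envelope.
SETTING_ID = "browser_check"


def evaluate(zone_name, raw_response):
    """Return (zone_name, status, reason); anything not provably 'on' fails."""
    try:
        body = json.loads(raw_response)
    except (TypeError, ValueError):
        return (zone_name, "FAIL", "unparseable API response")
    if not isinstance(body, dict) or not body.get("success"):
        return (zone_name, "FAIL", "API call did not succeed")
    result = body.get("result") or {}
    if not isinstance(result, dict) or result.get("id") != SETTING_ID:
        return (zone_name, "FAIL", "response is not the browser_check setting")
    value = str(result.get("value", "")).lower()
    if value == "on":
        return (zone_name, "PASS", "Browser Integrity Check is enabled")
    return (zone_name, "FAIL", f"Browser Integrity Check value is {value!r}")


def remediation_request(zone_id):
    """Method, path and JSON body that enable the setting (nothing is sent)."""
    return ("PATCH", f"/zones/{zone_id}/settings/{SETTING_ID}", json.dumps({"value": "on"}))


# Constructed sample responses; zone names and contents are made up.
SAMPLES = {
    "example.com": '{"success": true, "errors": [], "result": {"id": "browser_check", "value": "on"}}',
    "example.net": '{"success": true, "errors": [], "result": {"id": "browser_check", "value": "off"}}',
    "example.org": '{"success": false, "errors": [{"message": "constructed error"}], "result": null}',
    "example.edu": "<html>gateway timeout</html>",
}


def audit(samples):
    """Evaluate every zone's raw response and return the list of findings."""
    return [evaluate(name, raw) for name, raw in samples.items()]


if __name__ == "__main__":
    for zone, status, reason in audit(SAMPLES):
        print(f"{status} {zone}: {reason}")
    print(remediation_request("ZONE_ID_PLACEHOLDER"))
```

Failing closed on API errors and unparseable bodies keeps a zone from being reported as compliant when its setting could not actually be read.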
Source Code
Resource Type
Zone