This check assesses whether Email Obfuscation (part of Scrape Shield) is enabled on each Cloudflare zone, so that email addresses on the website are protected from automated harvesting by bots and spammers.
Risk
Without Email Obfuscation, email addresses displayed on your website can be harvested by bots.
- Confidentiality: harvested emails become targets for spam and phishing campaigns
- Integrity: employees may fall victim to targeted social engineering attacks
- Availability: increased spam volume can overwhelm email systems
Run this check with Prowler CLI
prowler cloudflare --checks zone_email_obfuscation_enabled
Recommendation
Enable Email Obfuscation as part of anti-scraping protections.
- Automatically encodes email addresses to prevent bot harvesting
- Email addresses remain visible and clickable for human visitors
- Works with mailto: links and plain text email addresses
- Part of the Scrape Shield feature set for comprehensive protection
Remediation
Terraform
Other
- Log in to the Cloudflare dashboard and select your account and domain
- Go to Scrape Shield (or Security > Settings in the newer UI)
- Scroll to Email Address Obfuscation
- Toggle the setting to On
- Verify that email addresses still work correctly for human visitors
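To confirm the setting across several zones after remediation, the following added example (not Prowler's own check code) evaluates Cloudflare API replies for the `email_obfuscation` zone setting and reports PASS, FAIL or ERROR per zone. The zone names, the sample responses and the `evaluate`/`audit` helpers are constructed for illustration; the response shape assumed is that of `GET /zones/{zone_id}/settings/email_obfuscation`.

```python
import json

SETTING_ID = "email_obfuscation"

# Constructed sample replies (not real zones), shaped like Cloudflare's
# GET /zones/{zone_id}/settings/email_obfuscation response body.
SAMPLE_RESPONSES = {
    "example.com": '{"success": true, "errors": [], "result": '
                   '{"id": "email_obfuscation", "value": "on", "editable": true}}',
    "shop.example.net": '{"success": true, "errors": [], "result": '
                        '{"id": "email_obfuscation", "value": "off", "editable": true}}',
    "legacy.example.org": '{"success": false, "errors": '
                          '[{"code": 0, "message": "constructed error"}], "result": null}',
}


def evaluate(zone_name, raw_body):
    """Return (status, detail) for one zone: PASS, FAIL or ERROR."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return "ERROR", f"{zone_name}: response is not JSON ({exc.msg})"
    if not isinstance(body, dict) or not body.get("success"):
        errors = body.get("errors") if isinstance(body, dict) else None
        return "ERROR", f"{zone_name}: API call failed: {errors}"
    result = body.get("result") or {}
    if result.get("id") != SETTING_ID:
        return "ERROR", f"{zone_name}: unexpected setting {result.get('id')!r}"
    value = str(result.get("value", "")).lower()
    if value == "on":
        return "PASS", f"{zone_name}: Email Obfuscation is enabled"
    # Anything other than an explicit "on" is treated as not protected.
    return "FAIL", f"{zone_name}: Email Obfuscation is {value or 'unset'}"


def audit(responses):
    """Evaluate every zone; an ERROR is never counted as a pass."""
    findings = {zone: evaluate(zone, raw) for zone, raw in responses.items()}
    compliant = all(status == "PASS" for status, _ in findings.values())
    return findings, compliant


if __name__ == "__main__":
    findings, compliant = audit(SAMPLE_RESPONSES)
    for status, detail in findings.values():
        print(f"[{status}] {detail}")
    print("all zones compliant:", compliant)
```

Treating a failed or malformed API reply as ERROR rather than PASS keeps a zone that could not be read from being reported as protected.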
Source Code
Resource Type
Zone