Traffic detections
Traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection scores or classifies requests by populating one or more fields. These fields appear as filters in the Security Analytics dashboard, and you can use them in rule expressions.
Detections are always on once enabled, even if you have not configured any security rules that use them. You can review detection results in Security Analytics to identify traffic patterns and spot potentially malicious traffic. For example, you can analyze traffic based on attack score, bot score, content scan results, or the presence of personally identifiable information (PII) in large language model (LLM) prompts.
Cloudflare provides the following detections:
- WAF attack score
- Leaked credentials detection
- Malicious uploads detection
- AI Security for Apps
- Bot score
| | Free | Pro | Business | Enterprise |
|---|---|---|---|---|
| Availability | Yes | Yes | Yes | Yes |
| Malicious uploads detection | No | No | No | Paid add-on |
| Leaked credentials detection | Yes | Yes | Yes | Yes |
| Leaked credentials fields | Password Leaked | Password Leaked, User and Password Leaked | Password Leaked, User and Password Leaked | All leaked credentials fields |
| Number of custom detection locations | 0 | 0 | 0 | 10 |
| Attack score | No | No | One field only | Yes |
| AI Security for Apps | No | No | No | Yes |
For more information on bot score, refer to Bot scores.
To turn on a traffic detection:
- In the Cloudflare dashboard, go to the Security Settings page.
- Filter by Detection tools.
- Turn on the desired detections.

- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > Settings.
- Under Incoming traffic detections, turn on the desired detections.
Enabled detections will run for all incoming traffic.
For more information on detection versus mitigation, refer to Concepts.