Detect the CDN and Web Application Firewall in front of a site from its response headers
• Enter a URL or bare hostname — http:// is assumed and redirects are followed
• Detection is header-based: absence of a fingerprint does not prove there is no CDN/WAF
• The evidence list shows exactly which response headers triggered each match
This tool fetches a site's HTTP response headers and matches them against known fingerprints for Content Delivery Networks and Web Application Firewalls. Vendors leave telltale headers — Cloudflare's cf-ray, Akamai's server banner, Imperva's incap cookies, Sucuri's x-sucuri-id — that reveal which edge layer sits in front of the origin.
It is useful for confirming a CDN is actually serving your traffic, checking whether a WAF is active before a security review, understanding a competitor's infrastructure, and debugging caching or blocking behavior that originates at the edge rather than the origin.
No. Detection relies on identifying headers, and some deployments strip or customize them. A negative result means no known fingerprint matched, not that the edge is definitely absent.
Each matched response header is listed as name: value — for example cf-ray for Cloudflare or x-iinfo for Imperva — so you can see exactly why a vendor was reported.
Yes. Many WAFs are delivered as part of a CDN edge (Cloudflare, Akamai), so the tool may report a CDN and a WAF from overlapping headers.