Traffic detections
Traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection provides one or more scores — available in the Security Analytics dashboard — that you can use in rule expressions.
Cloudflare currently provides the following detections for finding security threats in incoming requests:
- WAF attack score
- Leaked credentials detection
- Malicious uploads detection
- Firewall for AI (beta)
- Bot score
| Free | Pro | Business | Enterprise | |
|---|---|---|---|---|
Availability | Yes | Yes | Yes | Yes |
Malicious uploads detection | No | No | No | Paid add-on |
Leaked credentials detection | Yes | Yes | Yes | Yes |
Leaked credentials fields | Password Leaked | Password Leaked, User and Password Leaked | Password Leaked, User and Password Leaked | All leaked credentials fields |
Number of custom detection locations | 0 | 0 | 0 | 10 |
Attack score | No | No | One field only | Yes |
Firewall for AI (beta) | No | No | No | Yes |
For more information on bot score, refer to the Bots documentation.
To turn on a traffic detection:
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > Settings.
- Under Incoming traffic detections, turn on the desired detections.
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > Settings and filter by Detections.
- Turn on the desired detections.
Enabled detections will run for all incoming traffic.
For more information on detection versus mitigation, refer to Concepts.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark