Free tool
What is protecting this website?
Enter a URL and we will fingerprint the WAF, CDN and anti-bot vendor in front of it, from response headers, cookies, and TLS, HTTP/2 and DNS signals. No sign-up.
Tip: try a site you know uses DataDome or Cloudflare.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Coverage
What it detects
How it works
Passive fingerprinting, no login
One request
We fetch the URL once and read its response: status, headers, Set-Cookie and body markers.
Network signals
In parallel we fingerprint the TLS handshake, HTTP/2 settings and DNS, which often give a vendor away even when headers do not.
Every match
We score each provider and return all of them, so a bot manager hiding behind a CDN still shows up, not just the top hit.
FAQ
Questions
What is a WAF detector?+
It fingerprints the web application firewall, CDN or anti-bot vendor sitting in front of a website. The tool inspects response headers, cookies, body markers and TLS, HTTP/2 and DNS signals for a URL, then reports which provider it matches.
Which providers can it detect?+
CDNs and WAFs including Cloudflare, Akamai, AWS, Fastly, Vercel, Azure, F5, Imperva/Incapsula, ModSecurity, Sucuri, Radware and FortiWeb, plus the modern bot managers DataDome, Kasada and PerimeterX.
How accurate is it?+
Detection is passive and signature based, so it is accurate when a provider leaves identifying markers. A site can run more than one layer, for example a bot manager behind a CDN, and the tool surfaces every provider it finds.
Does this bypass the protection?+
No. The detector only identifies what is protecting a site. If you need to generate valid Incapsula or DataDome tokens from a single HTTP request, that is what the DISASM API does.
Is it free?+
Yes, with no sign-up. It is rate limited per IP so it stays available for everyone.