Traffic detections
WAF traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection provides one or more scores — available in the Security Analytics dashboard — that you can use in WAF rule expressions.
The WAF currently provides the following detections for finding security threats in incoming requests:
- WAF attack score
- Leaked credentials detection
- Malicious uploads detection
- Firewall for AI (beta)
- Bot score
Availability
Section titled “Availability”| Free | Pro | Business | Enterprise | |
|---|---|---|---|---|
Availability | Yes | Yes | Yes | Yes |
Malicious uploads detection | No | No | No | Paid add-on |
Leaked credentials detection | Yes | Yes | Yes | Yes |
Leaked credentials fields | Password Leaked | Password Leaked, User and Password Leaked | Password Leaked, User and Password Leaked | All leaked credentials fields |
Number of custom detection locations | 0 | 0 | 0 | 10 |
Attack score | No | No | One field only | Yes |
Firewall for AI (beta) | No | No | No | Yes |
For more information on bot score, refer to the Bots documentation.
Turn on a detection
Section titled “Turn on a detection”To turn on a traffic detection:
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > Settings.
- Under Incoming traffic detections, turn on the desired detections.
Enabled detections will run for all incoming traffic.
More resources
Section titled “More resources”For more information on detection versus mitigation, refer to Concepts.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark