Traffic detections

Traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection provides one or more attributes classifying incoming requests. These attributes are available as filters in the Security Analytics dashboard, and use can use them in rule expressions.

Once enabled, detections are always on, even if there are no security rules configured with the attributes that detections provide. This means that you can use detection results in Security Analytics to identify traffic patterns and check for potentially malicious traffic. For example, you can analyze incoming traffic based on attack score, bot score, content scan results, or the presence of personally identifiable information (PII) in large language model (LLM) prompts.

Cloudflare currently provides the following detections for finding security threats in incoming requests:

• WAF attack score
• Leaked credentials detection
• Malicious uploads detection
• Firewall for AI (beta)
• Bot score

	Free	Pro	Business	Enterprise
Availability	Yes	Yes	Yes	Yes
Malicious uploads detection	No	No	No	Paid add-on
Leaked credentials detection	Yes	Yes	Yes	Yes
Leaked credentials fields	Password Leaked	Password Leaked, User and Password Leaked	Password Leaked, User and Password Leaked	All leaked credentials fields
Number of custom detection locations	0	0	0	10
Attack score	No	No	One field only	Yes
Firewall for AI (beta)	No	No	No	Yes

For more information on bot score, refer to the Bots documentation.

To turn on a traffic detection:

• Old dashboard
• New dashboard

1. Log in to the Cloudflare dashboard ↗, and select your account and domain.
2. Go to Security > Settings.
3. Under Incoming traffic detections, turn on the desired detections.

Enabled detections will run for all incoming traffic.

For more information on detection versus mitigation, refer to Concepts.