Is cloudflare.net legit?
Cloudflare.net is a highly trusted and legitimate site with excellent security and infrastructure. While there are a couple of minor points like the large number of external scripts and a lack of Wayback Machine history, these are overshadowed by its strong overall performance and critical role in internet infrastructure.
SaaS average: 81/100 · based on 62 sites
Checked: April 21, 2026 at 10:18 AM UTC
Is cloudflare.net a scam? Here's what we found.
The site uses modern TLS 1.3 with a valid certificate and is clean according to Google Web Risk, indicating a strong security posture. However, the high number of external scripts introduces a slight increase in potential attack vectors.
With over 17 years of age and being registered by Cloudflare itself, the domain has a very strong and clear identity. The domain expiry date is also far in the future, signaling long-term commitment.
The site enjoys an exceptionally high Tranco rank, indicating significant global traffic and established presence. It is clean on all DNS blacklists, but the absence of Wayback Machine archives is a minor historical anomaly for such an old domain.
The site provides clear contact information, essential legal pages, and a presence on multiple social media platforms, demonstrating good transparency. The branding is basic, lacking social sharing metadata, but this is a minor aesthetic point.
The presence of both a privacy policy and terms of service pages meets essential compliance requirements for a legitimate online entity. This indicates a commitment to user rights and legal obligations.
The infrastructure is robust, featuring DNSSEC, multiple IP resolutions, and comprehensive email authentication with SPF and DMARC. The use of Cloudflare's own nameservers and server further solidifies its foundational stability.
Signals Detected
This is one of the most visited websites globally
No structured data markup found
Excessive number of external scripts — may indicate malicious injection
This business has no Trustpilot presence — not unusual for smaller or newer companies
Domain created 2009-02-17T22:08:05Z (17 years, 5 months ago)
Registered through Cloudflare, Inc.
Expires in 2494 days
DNSSEC status from WHOIS
Valid certificate, expires in 69 days
Certificate issued by Let's Encrypt
Connection uses TLS 1.3
Resolves to: 2606:4700::6810:d05a, 2606:4700::6811:9c55, 104.17.156.85, 104.16.208.90
Mail servers: mailstream-canary.mxrecord.io., mailstream-east.mxrecord.io., mailstream-west.mxrecord.io., mailstream-central.mxrecord.mx.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: ns1.cloudflare.net., ns2.cloudflare.net., ns3.cloudflare.net., ns4.cloudflare.net., ns5.cloudflare.net.
crt.sh returned status 429
Site enforces HTTPS via HSTS
Web server: cloudflare
No threats detected by Google Web Risk
Site has a favicon but no social sharing metadata
robots.txt has 12 directives
No sitemap found — common for smaller sites
Not found on any DNS blacklists
No snapshots found in the Wayback Machine — site may be very new
Website is live and responding
Website appears to have contact information
Website has both privacy policy and terms of service pages
Website links to multiple social media platforms
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.