Cloudflare Docs
Cloudflare Fundamentals
Visit Cloudflare Fundamentals on GitHub
Set theme to dark (⇧+D)

/cdn-cgi/ endpoint

When you add a domain to Cloudflare, Cloudflare adds a /cdn-cgi/ endpoint (www.example.com/cdn-cgi/) to that domain.

This endpoint is managed and served by Cloudflare. It cannot be modified or customized. The endpoint is not used by every Cloudflare product, but you may find some products use the endpoint in its URL.

A few examples include (but are not limited to):

​​ Exclude from security scanners

Some scanners may display an error because certain /cdn-cgi/ endpoints do not have an HSTS setting applied to it or for similar reasons. Because the endpoint is managed by Cloudflare, you can ignore the error and do not need to worry about it.

To prevent scanner errors, omit the /cdn-cgi/ endpoint from your security scans.

​​ Disallow using robots.txt

/cdn-cgi/ also can cause issues with various web crawlers.

Search engine crawlers can encounter errors when crawling these endpoints and — though these errors do not impact site rankings — they may surface in your webmaster dashboard.

SEO and other web crawlers may also mistakenly crawl these endpoints, thinking that they are part of your site’s content.

As a best practice, update your robots.txt file to include Disallow: /cdn-cgi/.