Are there plans for Cloudflare to provide a browser signature in the request headers?
I don’t think so, but can you clarify what your objective is? We might have other solutions.
Hi Ryan
Basically browser fingerprinting that could be used for fraud detection - we already do a few checks when people register - stopforumspam, IP address, geolocation but fingerprinting would give us an edge.
Are you looking for something other than user-agent?
Yes… Something like this GitHub - mattbrailsford/imprintjs: [INACTIVE] Javascript library for browser fingerprinting or GitHub - fingerprintjs/fingerprintjs: Browser fingerprinting library. Compared to Fingerprint Pro has limited accuracy (40 - 60%), but is fully open source. but that could come in request headers.
For example test page for the first code ImprintJs and my own test page https://www.geekzone.co.nz/testbrowser.asp
I also would like to see a request header with Cloudflare’s assessment of a browser (as in Bad, BOT, Clear) or similar.
Those two things would help a lot in terms of security/safety…
It’s a balancing act. We want to be as transparent as possible, but also don’t want to give bad actors any help figuring out how our systems work.
What I can confirm is that we are looking into providing additional scoring specifically geared toward bots. Just can’t give any specifics. But I’ve passed along your feedback.