We recently ran a security test on our app and /cdn-cgi/rum came out as a critical vulnerability. I found out it is a part of Cloudflare Analytics. Is it somehow possible to fix it/switch it off?
Was the site working with SSL prior to adding it to Cloudflare?
I am worried what kind of piece of code from the Analytics (RUM) triggered the security scan to provide such results and how does the test measure this and report, however there is a way to disable it if you’re concernd about it.
You should turn the Web Analytics off for your zone at Cloudflare dashboard.