/cdn-cgi/rum as a vulnerability result

What is the name of the domain?

What is the issue you’re encountering

We recently ran a security test on our app and /cdn-cgi/rum came out as a critical vulnerability. I found out it is a part of Cloudflare Analytics. Is it somehow possible to fix it/switch it off?

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

I am worried what kind of piece of code from the Analytics (RUM) triggered the security scan to provide such results and how does the test measure this and report, however there is a way to disable it if you’re concernd about it.

You should turn the Web Analytics off for your zone at Cloudflare dashboard.

Following the steps from below article you could disable RUM:

3 Likes

Thank you for the answer, will try

Just for the complete info - sending the part of the scan result in attachment