Cf.threat_score and clientTrustScore

In the spec for the firewall cf.threat_score:

This field represents a risk score, 0 indicates low risk as determined by Cloudflare. Values above 10 may represent spammers or bots, and values above 40 point to bad actors on the Internet. It is rare to see values above 60, so tune your firewall rules to challenge those above 10, and to block those above 50.

On workers you have access to cf.clientTrustScore.

Is cf.clientTrustScore similar to cf.threat_score with inverted scale?

Sorry, I actually don’t know anything about this field. :confused:

+1 I started loggin it and I see very strange results…
the docs say “It is rare to see values above 60” I am seeing a lot of clients with score of 80-81

my average score of all visitors is between 30-40 too much to make any sense

clientTrustScore
Yandex: 5-6
Google: 9-12
General User: 18-85

Are there any reliable docs on what this value is and if it will be sticking around?

1 Like

Haven’t found any. I am assuming based on logs.

now i am pretty sure clientTrustScore is just some random value
I was under really small attack, nothing serious.
same kid, one ip, same user agent, same url.

clientTrustScore value just just randomly changed during the attack:


the blue lines represent the score

the funny thing is Cloudflare even simulate this requests has it recognize he is using “HULK DDOS script” but the score random between 0 and peaked at 93

some request got score of 84 while 1 second latter it got 0