CNAME cloaking protection?

Does Cloudflare have any services that provide protection for CNAME cloaking?

1 Like

Protection against what? If it’s :orange: Proxied, then it looks like an “A” record without revealing the destination hostname. But the destination has to be ok with that. Some won’t work if it doesn’t behave like a standard CNAME.

2 Likes

Protection from this…Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (thehackernews.com)

That’s a browser issue. It’s essentially a website masking external trackers within their own subdomain, which browsers typically wouldn’t mind because it’s coming from the same domain.

I believe NextDNS provides some level of protection for this as part of their “Block Disguised Third-Party Trackers” option…I was just curious if Cloudflare had anything similar.

That’s just a really big filter list of tracker hostnames. So you’re talking about Cloudflare’s 1.1.1.1 DNS service. Cloudflare doesn’t have a “Trackers” category, nor would I expect them to. It’s a very complex minefield.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.