Email obfuscation not working anymore

Hello all,

Email obfuscation is no longer working across my site. Here is the URL:
(Can search the source code for to find the email.)

• The scrape shield is active
• The proxy on my domain is active
• MIME type is text/html according to content-type header
• Cache-control header lacks “no-transform”
• The email is displayed within a span tag

And just in case it’s relevant, I have the following in my .htaccess:

AddDefaultCharset UTF-8
ServerSignature Off

Header set X-XSS-Protection “1; mode=block”
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Referrer-Policy “no-referrer-when-downgrade”

Are there any other known conflicts with WordPress plugins, or any other ideas for what to look into?


If you’re asking about the nate address at the bottom, it’s not an href.

It’s in <span> tag, it should work, but it’s not working from my side too


It’s not even a link, so if there’s no href, I guess it won’t work.

The documentation only mentions it won’t work on any HTML tag attribute except href, but if the email address is located inside <tag>[email protected]</tag> it should work. Or did I miss something?

Docs sure make seem like it won’t be obfuscated most of the time. If NOT in href, and NOT if it’s in a bunch of other tags. Seeing how it’s not a link on the page, my suggestion would be to make it a mailto: href and see if it kicks in.

1 Like

I will try to do this and see what happens and report back. Thanks guys.

1 Like

This seems like the correct way.

1 Like

Ok, I have replaced the span tag with an anchor tag as this:

<a href="mailto:[email protected]" class="uagb-icon-list__label">[email protected]</a>

And now the address in the href attribute only is obfuscated in the source code, but the text [email protected] is still there as this:

<a href="/cdn-cgi/l/email-protection#2b454a5f4e6b4c44584e44454c4c5e5205484446" class="uagb-icon-list__label">[email protected]</a>

So something is kicking in now, but is this expected behavior? Or should I not be seeing my address at all in the source code? Did I do this correctly?

It should be obfuscating everything.

What if you do this:

<a href="mailto:[email protected]" class="uagb-icon-list__label"><span>[email protected]</span></a>

Thanks but that results in the following source code:

<a href="/cdn-cgi/l/email-protection#5a343b2e3f1a3d35293f35343d3d2f2374393537" class="uagb-icon-list__label"><span>[email protected]</span></a>

I will add that all my A records and CNAME records are proxied, except for the “mail” A record and MX which are “DNS only”. But I don’t think this matters.

1 Like

Hi there, that should work. I’m however not sure if the label/text of a link would also be obfuscated. Checking the What is Email Address Obfuscation? – Cloudflare Help Center article, it seems like it should. When you tried it without the <span> tag, was there any difference?

He tried it and the result is the same.

Any other ideas of why this might not be working?

I have found the problem/solution. There were no console errors, however it seems that the Astra theme was still generating broken HTML pertaining to a search item added to the header menu. When I remove the search item, CF’s email obfuscation works as expected.

Takeaway is that among the other items to consider in the troubleshooting article, also the HTML syntax needs to not be broken.

Thanks everyone.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.