Is there a way to obtain the threat score by header?

If I understand correctly cloudflare assigns a threat score to each visitor. Is there a way to obtain this at the origin.

We currently have recpatcha on our registration form which seems redundant if cloudflare is already performing a similar test.

Why not create a Firewall Rule on that form URL triggered by scores?

But to answer your question, no. Not in the headers. There are many threads here on the topic.

I did search for quite a while but clearly I’m not using the right terms.

The registration form is a popup on the homepage. We don’t want to block people from signing up, just ensure that we perform extra manual checks on them.

If that’s the case then I guess the only way would be to add keys to “threat score” blocked/allowed pages and test from the form but that’s too much effort.

Seems like an odd design decision to me.

You could take advantage of the new Transform rules Modify HTTP request headers with Transform Rules (

Visit Geekzone User IP information and check the ThreatScore there.


Also note - in my case I just have a firewall rule to BLOCK any request with a Threat Score GE 2 anyway.

Perfect! No idea how I missed this.

Thank you

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.