Unwanted api.js from Cloudflare

Hi,

Cloudflare includes a script in my page and the script slows down the google pagespeed. Following code is inserted in the head:

< script async src=’/cdn-cgi/bm/cv/2172558837/api.js’>

And following in the body:

< script type=“text/javascript”>
(function(){
window[’__CF$cv$params’]={
r:‘5aae2739bee98f31’,m:‘4ac5f66905515d99134959e44c05460c01cf6954-1593418039-1800-AeTc7MsFuqxv6KE8OiefFHIHvtzq0PapyWm3uv5U2Afh/DtUVuOAMQ7TqcH7Qdpz4lmPLypJpNAccMEbYXgJZkxMvjrCtkOi9CEXB71+W8ONqW3p4FBJPfnDouxwwTBcnRHEmdUIMh5mgKIXl90LLvM=’,s:[0xac3dfc4c82,0xc58dfa45b6],}
}
)();

I don’t use apps and disabled all possible cloudflare settings but without success. When I call the site from my computer there is no extra code included, but yandex/webpagetest.org und google page speed show me the extra code.

There is already a thread with the same problem, but it is already closed: Strange code showing on my site

The “Bot Fight Mode” is disabled on my page.

This code really slows down my page and I want to keep a high pagespeed score, but with this code included it is not possible. I also don’t know for what this code is for. Any hints?

Do I need to create a ticket to remove the unwanted code from my site or is there another solution?

Best regards

What plan level are you on? As that thread suggests, it looks like Bot Management, but that’s an Enterprise feature.

A wild guess would be something from Scrape Shield, like email obfuscation, but that generally shows up as a different script. And it should show up for all browsers.

Another guess is a firewall rule. Do you have any of those set up?

I forgot to mention that I am on the free plan.

Email obfuscation is deactivated and there are no firewall rules defined.
I also tried setting the security level to “essentially off”.

For 2 or 3 hours there have not been any additional javascript on my site. It disappeard. Didn’t change anything. I’m curios if this will last longer.

1 Like