Unwanted api.js showing from cloudflare

This is the path - cdn-cgi/bm/cv/2172558837/api.js of the js which is being showin by cloudflare on my site. I have tried enabling and disabling many options.
Google page speed score is really low because of this JS.
I am using free plan.
I have already mailed cloudflare support.

These are some other community threads with the same issue


Is there anything listed at https://dash.cloudflare.com/?to=/:account/:zone/apps/installed-apps?

1 Like

No apps installed, i also disabled all settings in “scrape shield”

All right, then it does seem to be the Bot Management related issue. You best wait for support to respond.

They sent me a reply.
"Any script with the endpoint /cdn-cgi/ are cloudlfare internal endpoint. All Cloudflare zones have a set of /cdn-cgi/* paths on them that instead of routing to the clients website, will be redirected to a function. These functions print debugging information, or handle a request in a special way. There is no way to disable /cdn-cgi/* pages.

We use this path to serve multiple items e.g. - /cdn-cgi/images/retry.png is the retry button background for the Always Online banner or the endpoint /cdn-cgi/styles/cf.errors.css is the CSS styles for our error pages."

I have countered it, hoping to get it resolved

It is acurate that /cdn-cgi is a proxy specific path, however without an application these paths should not show up in your own HTML. This is what is happening, right?

Can you post the domain?

cannot post publicly unfortunately!
I will try to get it resolved with support and let you know the result here.

It will be Bot Management. You need to clarify why Cloudflare is adding that if your account is not on the Enterprise plan in the first place.

Yes, cloudflare support have escalated it to their senior dev team.
I will post the result here.

I have some problem and i found solution. Go to YOUR_DOMAIN, Firewall, and disable “JavaScript Detections” option. In my case this remove unwanted api.js code.