CDN Checker
Paste HTTP response headers and we fingerprint the CDN / proxy / hosting platform from signature headers: cf-ray (Cloudflare), x-served-by (Fastly), x-amz-cf-id (CloudFront), x-akamai-* (Akamai), x-vercel-id (Vercel), x-nf-request-id (Netlify), and 8 more. Per-rule confidence scoring and a flat headers table showing which were used as signatures. 100% offline.
What is the CDN Checker?
CDN Checker is a header-signature fingerprinter. Every major CDN leaks identifying headers — Cloudflare's `cf-ray` is the canonical example, but each platform has its own: Fastly's `x-served-by` (with the distinctive `cache-XYZ-DDD` pattern), AWS CloudFront's `x-amz-cf-id` and `x-amz-cf-pop`, Akamai's `x-akamai-transformed` / `x-akamai-request-id` / `akamai-grn`, Vercel's `x-vercel-id` and `x-vercel-cache`, Netlify's `x-nf-request-id`, GitHub Pages' `x-github-request-id`, Bunny's `server: BunnyCDN` and `cdn-pullzone`, KeyCDN's `server: keycdn-engine`, Imperva's `x-iinfo`, Sucuri's `server: Sucuri/Cloudproxy`, Google Cloud CDN's `via: google-fe`, Azure Front Door's `x-msedge-ref` and `x-azure-ref`. We test each rule independently — multiple matches are common (e.g. Cloudflare in front of nginx). Each hit has a confidence level (high for distinctive signatures, low for shared like `server: nginx`). The flat headers table marks signature headers with a CDN badge so you can see exactly which leaked the platform.
How to use it
- Run `curl -I https://example.com`.
- Paste the response into the textarea.
- Read the headline — primary CDN and signature-header count.
- Matches list shows every detected platform with the evidence.
- The All-Headers table marks signature headers with a CDN badge.
Benefits
- 13 CDN / proxy platforms covered with documented signature headers.
- Multiple matches supported — common when a CDN fronts an nginx origin.
- Confidence scoring per match (high / medium / low).
- Signature headers marked in the All-Headers table.
- Evidence shown for each match — the header that triggered the rule.
- All-Headers table marks every signature header with a 'CDN' badge so the trigger is obvious.
- Settings persist in localStorage so a refresh doesn't lose your audit.
- Runs 100% in your browser — no DNS lookup, no third-party API.
Frequently asked questions
Why are multiple CDNs detected at once?
It's common to chain CDNs — Cloudflare in front of CloudFront in front of nginx, for example. We report every match so you see the full stack.
What if no CDN is detected?
Either the response is served direct from origin, or the CDN is configured to hide its signature headers (some operators strip them for security through obscurity). The All-Headers table shows everything we received.
Why is `server: nginx` only 'low' confidence?
nginx can be either the CDN or the origin web server. The header alone doesn't tell you which. Combined with the absence of other CDN signatures, it suggests direct-from-origin.
Does it detect Akamai's specific products?
Detection is at the CDN level. Akamai has many products (Edge DNS, ION, Image Manager) — we don't differentiate. The base detection covers all of them.
Why does CloudFront show `via: cloudfront`?
Standard CloudFront behaviour. The `Via` header lists every proxy that handled the request. CloudFront adds itself, AWS adds nothing else, so you see exactly `via: 1.1 abc.cloudfront.net`.
Can I add custom CDN rules?
The rule table lives in `lib/tools/text/cdn-fingerprint.ts`. Adding a new rule is one entry in the `RULES` array.
What about Cloudflare Workers vs static Cloudflare?
Both look the same from the response headers (cf-ray is present in both). Distinguishing requires looking at `cf-worker-name` (Workers) or specific behaviour patterns.
Does it detect WAF products separately?
Imperva and Sucuri are detected as WAF-fronting-the-origin. Cloudflare WAF is detected as Cloudflare (the WAF is part of the same platform, hard to distinguish from headers alone).
Why is the confidence 'medium' for Google Cloud CDN?
Google Cloud uses `via: google-fe`, but it's also possible to see `via: ...google...` on services that aren't Cloud CDN. We mark it medium to reflect the ambiguity.
Are my pastes saved?
Yes — input persists in localStorage.
Is anything uploaded?
No. Fingerprinting runs entirely in your browser.
Related tools
See all developer toolsHTTP Header Checker
Paste a response and audit security, caching, CORS and content headers.
Website Cache Checker
Paste HTTP response — deep Cache-Control + ETag + Vary + CDN-cache-status audit.
SSL Certificate Checker
Paste PEM — parse X.509 v3, days-till-expiry, SAN, key bits, SHA-256 fingerprint.
Canonical URL Checker
Paste HTML; audit canonical, og:url, twitter:url, hreflang and normalise URLs.