💭 Email Address Obfuscation · Cloudflare Web Application Firewall (Waf) Docs
Waylon Walker
Learning in Public @_WaylonWalker
Tags
Note
This post is a thought. It's a short note that I make about someone else's
content online. Learn more about the process
thoughts
Here's my thought on 💭 Email Address Obfuscation · Cloudflare Web Application Firewall (WAF) docs
I recently started seeing email-decode.min.js show up on my blog posts, and I wondered what the heck ? I didn't put it there. Turns out that cloudflare put it there from pages to safely serve email addresses for me.
inspecting the page without js running we can see that the mailto email is swapped out for email protected. Neat feature.
❯ curl --silent https://waylonwalker.com/diskcache-as-debounce/ | grep email <a class="decoration-pink-500 hover:decoration-pink-300 hover:text-pink-100" href="/cdn-cgi/l/email-protection#a4ccc1c8c8cbe4d3c5ddc8cbcad3c5c8cfc1d68ac7cbc9" rel="me"><span class="__cf_email__" data-cfemail="630b060f0f0c2314021a0f0c0d14020f0806114d000c0e">[email protected]</span></a> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
Looking deeper into this article it looks like this feature comes from Scrape Shield and enabling Email Address Obfuscation.
This post was a thought by Waylon Walker see all my thoughts at https://waylonwalker.com/thoughts