All Vendors
analytics

Cloudflare Insights

Cloudflare Insights is an analytics vendor with a VRS of 80. Leverages Cloudflare CDN infrastructure to deploy comprehensive behavioral tracking with unique persistence advantages through edge cache coordination.

211 IOCs175 detections39% pre-consent134 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Cloudflare Insights discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

175 detections across 134 sites39% pre-consent activity
HIGH

Pre-Consent Activity

Cloudflare Insights was observed loading and executing before user consent was obtained on 39% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Customers visiting sites with Cloudflare Insights face CDN-level surveillance that operates beyond browser-based privacy controls. Behavioral data including page views, bot detection events, cache patterns, and edge responses are captured through server-side tracking state that persists after cookie deletion. This creates visitor profiles derived from infrastructure telemetry that inform competitor targeting even when users employ aggressive privacy protections.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Cloudflare Insights

  • Audit Cloudflare Insights deployment to verify no server-side tracking state persistence after consent rejection
  • Disable Cloudflare Zaraz tag manager or restrict to consent-conditional client-side execution only
  • Review Cloudflare Bot Management integration to prevent behavioral data sharing with Insights analytics
  • Implement edge cache header controls to prevent visitor ID coordination across CDN responses
  • Establish contractual restrictions on Cloudflare network intelligence data sharing with advertising partners

If You're Evaluating Cloudflare Insights

  • Request Cloudflare CDN deployment without Insights analytics or require strict first-party data isolation
  • Require contractual guarantee that edge cache state does not persist visitor tracking after consent rejection
  • Verify Cloudflare deployment does not use TLS fingerprinting or HTTP/2 characteristics for visitor reconnection
  • Assess alternative CDN providers (Fastly without analytics, AWS CloudFront with restricted telemetry) for comparison
  • Demand pricing concessions reflecting CDN-only deployment without analytics or tag management integration

Negotiation Leverage

  • VRS 80 classification with 100% CAC subsidization justifies significant discount if Insights analytics is permanently disabled
  • 100% legal tail risk from edge cache persistence demands indemnification for GDPR violations through server-side tracking bypass
  • Require contractual guarantee that CDN infrastructure does not persist visitor identification state beyond session lifetime
  • Request monthly attestation that Cloudflare network intelligence does not feed advertising partners or demand generation networks
  • Negotiate CDN-only deployment without Insights, Zaraz, or Bot Management behavioral data collection
Runtime Detections

Runtime Detections

8 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Cloudflare Insights tracking embedded in CDN responses bypasses client-side consent controls through server-side state management.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse movements and scroll patterns captured via Cloudflare Bot Management integration, feeding engagement scoring models.

BTI-C07Session Recording

Full session replay

Impact: DOM capture enabled through Cloudflare Zaraz integration, recording visitor interactions across all CDN-served properties.

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Visitor IDs synchronized across all Cloudflare-protected domains via edge cache coordination and HTTP header state.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: CDN-level tracking persists after cookie rejection through server-side visitor identification and edge cache state management.

BTI-C10Fingerprinting

Device identification

Impact: TLS fingerprinting and HTTP/2 characteristics used to reconnect visitors across cookie deletion via CDN infrastructure visibility.

BTI-C13Persistence Mechanisms

Long-lived identifiers

Impact: Edge cache state creates tracking persistence that survives cookie deletion, browser resets, and client-side privacy controls.

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Cloudflare Zaraz tag manager deploys tracking infrastructure at CDN edge, bypassing client-side consent management platforms.

IOC Manifest

IOC Manifest

209 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.C4qcez97.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.q5gXQtNT.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.DRQLjlA2.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/SelectField.astro_astro_type_script_index_0_lang.UbxvuLrK.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.DjFF3Lks.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.B97_l7Yd.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.SQ0ibRiU.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/BlockCardContainerCarousel.astro_astro_type_script_index_0_lang.BTxHeC5Y.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/footerTop.astro_astro_type_script_index_0_lang.Dod7Meyt.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_1_lang.BQXZtTr5.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.C4opSW71.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/gtm.B8ZVZ1rr.js*
Tracking script
TRACK
*ot.www.cloudflare.com/ot/scripttemplates/otSDKStub.js*
Tracking script
EXFIL
*challenges.cloudflare.com/turnstile/v0/api.js*
Data collection endpoint
EXFIL
*challenges.cloudflare.com/turnstile/v0/b/*/api.js*
Data collection endpoint
TRACK
*ot.www.cloudflare.com/ot/consent/*-f072-4bae-*-*/*-f072-4bae-*-*.json*
Tracking script
TRACK
*www.cloudflare.com/_willow/uninav.C77AbWFU.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/client.Cgxsk4ri.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/_commonjsHelpers.CqkleIqs.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/events.jY-uenNb.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/embeddedForm.DSadulwm.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/getParentByAttribute.DD5T8VDJ.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/CardCarousel.XwwejNSB.js*
Tracking script
TRACK
*www.cloudflare.com/static/z/i.js*
Tracking script
TRACK
*www.cloudflare.com/_willow/index.CUdgKIr_.js*
Tracking script
TRACK
*ot.www.cloudflare.com/ot/scripttemplates/*.1.0/otBannerSdk.js*
Tracking script
TRACK
*www.cloudflare.com/go9u/*
Tracking script
TRACK
*cf-assets.www.cloudflare.com/dzlvafdwdttg/3UVjVIjkZ3xDGlhGbFR15N/*/build-scale-lottie.json*
Tracking script
TRACK
*www.cloudflare.com/static/z/s.js*
Tracking script
EXFIL
*cf-assets.www.cloudflare.com/dzlvafdwdttg/1vRtHa7tmWEewdVSpLYKC5/*/data__1_.json*
Data collection endpoint
EXFIL
*cf-assets.www.cloudflare.com/dzlvafdwdttg/UhRyCT3fmnh6UTeF2UYoh/*/data.json*
Data collection endpoint
TRACK
*ot.www.cloudflare.com/ot/consent/*-f072-4bae-*-*/*-*-76f1-*-*/en.json*
Tracking script
TRACK
*cf-assets.www.cloudflare.com/dzlvafdwdttg/5PJm7mw5YAsjSTZDuqwJhI/*/hero_orange_globe.json*
Tracking script
TRACK
cloudflareinsights.com
Tracking script
TRACK
static.cloudflareinsights.com
Tracking script
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.DRQLjlA2.js
Auto-extracted from scan
TRACK
www.cloudflare.com/go9u/
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.C4qcez97.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.DjFF3Lks.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.C4opSW71.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/SelectField.astro_astro_type_script_index_0_lang.UbxvuLrK.js
Auto-extracted from scan
EXFIL
challenges.cloudflare.com/turnstile/v0/api.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.B97_l7Yd.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_1_lang.BQXZtTr5.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.q5gXQtNT.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.astro_astro_type_script_index_0_lang.SQ0ibRiU.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/BlockCardContainerCarousel.astro_astro_type_script_index_0_lang.BTxHeC5Y.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/footerTop.astro_astro_type_script_index_0_lang.Dod7Meyt.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/gtm.B8ZVZ1rr.js
Auto-extracted from scan
TRACK
www.cloudflare.com/static/z/i.js
Auto-extracted from scan
TRACK
ot.www.cloudflare.com/ot/scripttemplates/otSDKStub.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/uninav.C77AbWFU.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/client.Cgxsk4ri.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/events.jY-uenNb.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/_commonjsHelpers.CqkleIqs.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/embeddedForm.DSadulwm.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/getParentByAttribute.DD5T8VDJ.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/CardCarousel.XwwejNSB.js
Auto-extracted from scan
EXFIL
challenges.cloudflare.com/turnstile/v0/b/d251aa49a8a3/api.js
Auto-extracted from scan
TRACK
ot.www.cloudflare.com/ot/scripttemplates/202503.1.0/otBannerSdk.js
Auto-extracted from scan
TRACK
www.cloudflare.com/_willow/index.CUdgKIr_.js
Auto-extracted from scan
TRACK
www.cloudflare.com/static/z/s.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Cloudflare Insights sits at the infrastructure layer where CDN services intersect with analytics. Deployments typically include Cloudflare CDN (content delivery), Bot Management (fraud detection), Zaraz (tag management), and Workers (edge compute). This infrastructure integration creates unique tracking persistence that is exceptionally difficult to detect or block through client-side controls.
Loads (4)
RedditShopping GoogleLinkedinDoubleclick
Loaded By (12)
33acrossGoogletagmanagerAudiencexBrandfetchDappradarDripInfolinksPoptinPathfactoryPropelleradsQualifiedSmartlead
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

211 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details