How to Detect if a Website Uses a CDN (2026 Guide)

Q: How can I tell if a website uses a CDN?

The fastest way is to use Web Reveal—a free scanner that detects the CDN and full tech stack of any URL in seconds. Manually, check the HTTP response headers for CDN-specific headers such as CF-Ray (Cloudflare), X-Served-By (Fastly), X-Cache (Akamai/CloudFront), or perform a DNS lookup to see if the domain's A records resolve to a known CDN IP range.

Q: How do I detect Cloudflare on a website?

The definitive Cloudflare signal is the CF-Ray response header, which is present on every Cloudflare-proxied response. Other indicators include cf-cache-status, CF-Cache-Status, and Server: cloudflare headers. DNS lookups will also show A records resolving to Cloudflare's IP ranges (104.16.0.0/13 and others) for orange-cloud proxied domains.

Q: What is the difference between a CDN and a hosting provider?

A hosting provider stores the origin website files and runs the web server that generates responses. A CDN (Content Delivery Network) sits in front of the origin and caches content at edge locations around the world, serving responses from the nearest point of presence to the visitor. Some services like Cloudflare and Fastly act as both a CDN and a security layer (DDoS protection, WAF). A site can use both a hosting provider and a CDN simultaneously.

Q: Can a website hide which CDN it uses?

Partially. CDN-identifying response headers can be suppressed in custom configurations. However, DNS CNAME records pointing to CDN domains, IP address WHOIS data resolving to CDN ASNs, and TCP/TLS fingerprinting patterns are difficult to fully hide, so automated scanners can often still identify the CDN provider.

Why Detect a Website's CDN?

Identifying the CDN behind a website is useful across a range of professional scenarios:

Infrastructure benchmarking: Understand which CDN providers your competitors or industry peers rely on for performance and availability.
Security analysis: Determine whether a site uses Cloudflare or another CDN for DDoS protection and WAF capabilities, which affects its attack surface.
Sales and partnerships: Target companies using specific CDN providers with migration offers, complementary tooling, or integration services.
Technical due diligence: Assess the infrastructure maturity and geographic reach of an acquisition target.
Developer research: Identify which CDN a high-traffic site uses before replicating a similar architecture.

Fastest Method: Free Scanner Tool

The quickest way to identify a website's CDN is to use Web Reveal—a free technology scanner that detects the CDN, hosting provider, and full technology stack of any URL in seconds. Web Reveal identifies Cloudflare, Fastly, Akamai, Amazon CloudFront, BunnyCDN, jsDelivr, Vercel Edge Network, Netlify CDN, and many other CDN providers automatically.

Simply enter the website URL on the Web Reveal homepage. The CDN is listed under the Infrastructure section of the results alongside the hosting provider and server technology.

The Web Reveal Chrome extension detects the CDN passively as you browse, displaying it in the toolbar without any manual scanning step.

HTTP Response Headers

HTTP response headers are the most reliable manual method for identifying a CDN. Every CDN injects at least one distinctive header into its responses that identifies the provider or the caching layer.

To inspect response headers without installing any tools:

Open browser developer tools (F12) and go to the Network tab.
Reload the page.
Click on the first document request (the HTML page itself, usually at the top of the list).
Select the Headers tab and scroll to the Response Headers section.

CDN-specific headers are described in the next section.

CDN-Specific Header Signatures

Cloudflare

Cloudflare is the most widely deployed CDN and reverse proxy. Its definitive signal is:

CF-Ray: <hash>-<airport-code> – Present on every Cloudflare-proxied response. The airport code identifies the edge data centre that served the request (e.g., CF-Ray: 8a1b2c3d4e5f-LHR for London Heathrow).
cf-cache-status: HIT / MISS / BYPASS – Cloudflare's cache status for the response.
Server: cloudflare – The Server header value on many Cloudflare responses.

Fastly

X-Served-By: cache-<node>-<location> – Identifies the Fastly cache node that served the request.
X-Cache: HIT or X-Cache: MISS – Fastly's cache status header.
X-Cache-Hits: 1 – The number of times the cached response has been served.
Fastly-Debug-Digest – Present in debug mode; a strong Fastly indicator.

Akamai

X-Check-Cacheable: YES – An Akamai-specific cacheability indicator.
X-Akamai-Transformed – Present when Akamai's image or content transformation is active.
X-Cache: TCP_HIT or TCP_MISS – Akamai uses TCP_ prefixes in its X-Cache values, distinguishing it from Fastly.
Akamai-GRN – Akamai's global request identifier.

Amazon CloudFront

X-Cache: Hit from cloudfront or Miss from cloudfront – The most distinctive CloudFront signal.
Via: 1.1 <hash>.cloudfront.net (CloudFront) – The Via header identifies the CloudFront proxy node.
X-Amz-Cf-Id – CloudFront's unique request identifier.
X-Amz-Cf-Pop – Identifies the CloudFront Point of Presence that served the request.

Vercel and Netlify Edge Networks

X-Vercel-Cache: HIT / MISS – Vercel's edge cache status.
X-Vercel-Id – Vercel's request identifier.
x-nf-request-id – Netlify's request identifier.
server: Netlify – The Server header value on Netlify responses.

DNS Lookup and CNAME Analysis

For CDNs that proxy traffic (like Cloudflare in orange-cloud mode), the domain's A records will resolve to the CDN's IP ranges rather than the origin server. For CDNs used purely for asset delivery (like CloudFront or jsDelivr), the asset URLs themselves will contain a CDN subdomain.

To perform a DNS lookup, use an online tool such as MXToolbox or run the following command in a terminal:

dig example.com +short

If the result is a CNAME pointing to *.cdn.cloudflare.net or an A record in Cloudflare's IP ranges (e.g., 104.16.x.x, 172.67.x.x), the site uses Cloudflare.
A CNAME pointing to *.cloudfront.net confirms Amazon CloudFront.
A CNAME pointing to *.fastly.net or *.global.fastly.net confirms Fastly.
A CNAME pointing to *.akamaiedge.net, *.akamai.net, or *.edgesuite.net confirms Akamai.
A CNAME pointing to *.b-cdn.net confirms BunnyCDN.

IP Address and ASN Lookup

If the domain resolves directly to an IP address rather than a CNAME, you can identify the CDN by looking up the ASN (Autonomous System Number) of that IP address. Each CDN operates its own ASN:

Cloudflare: AS13335
Fastly: AS54113
Akamai: AS20940 (and others)
Amazon CloudFront: AS16509 (shared with AWS)
BunnyCDN: AS198414

Look up the IP ASN at BGP Hurricane Electric or using whois <IP> in a terminal. If the ASN matches a known CDN, the site is served through that network.

Asset URL Patterns

Even when the main domain does not reveal a CDN, static assets (images, scripts, fonts) are often served from a CDN subdomain or a separate CDN domain. View the page source and look for asset URLs containing:

*.cloudfront.net – Amazon CloudFront asset delivery.
cdn.jsdelivr.net – jsDelivr, a free CDN for open-source packages.
cdnjs.cloudflare.com – Cloudflare's public CDN for open-source libraries.
*.imgix.net – Imgix, an image CDN and transformation service.
*.bunnycdn.com or *.b-cdn.net – BunnyCDN asset delivery.
*.azureedge.net – Azure CDN (Microsoft).

A site may use one CDN for its main domain (e.g., Cloudflare for HTML and security) and a different CDN for its static assets (e.g., CloudFront for images stored in S3). Web Reveal identifies all CDNs active on a page in a single scan.

When the CDN Is Hidden

Some organisations suppress or rename CDN-identifying headers in their CDN configuration to reduce information exposure. Common approaches include:

Removing CF-Ray or other CDN headers via Transform Rules (Cloudflare) or Edge Configuration (Fastly).
Using a custom Server header value to replace the CDN default.
Routing all asset requests through a first-party subdomain that proxies to the CDN.

Even with header suppression, DNS CNAME records, IP ASN lookups, and TLS certificate Subject Alternative Names (SANs) often still expose the underlying CDN. Automated scanners like Web Reveal combine all of these signals to identify CDNs even when response headers have been customised.

Frequently Asked Questions

How can I tell if a website uses a CDN?

Use Web Reveal for an instant automated result. Manually, inspect the HTTP response headers in browser developer tools—look for CF-Ray (Cloudflare), X-Served-By (Fastly), Via: cloudfront (CloudFront), or perform a DNS lookup to check if the domain resolves to a known CDN IP range.

How do I detect Cloudflare on a website?

The definitive signal is the CF-Ray response header, which is present on every Cloudflare-proxied response. Also look for cf-cache-status and Server: cloudflare. A DNS lookup showing A records in Cloudflare's IP ranges (e.g., 104.16.x.x or 172.67.x.x) confirms the domain is orange-cloud proxied through Cloudflare.

What is the difference between a CDN and a hosting provider?

A hosting provider stores the origin files and generates responses. A CDN caches those responses at edge nodes worldwide and serves them to nearby visitors. Many sites use both simultaneously—for example, a server hosted on DigitalOcean sitting behind Cloudflare's CDN and WAF.

Can a website hide which CDN it uses?

CDN headers can be suppressed, but DNS CNAME records, IP ASN data, and TLS SANs are difficult to fully hide. Automated scanners combine multiple signal layers to identify CDNs even when response headers have been customised.