WAF Detection
developer/v1/domain/waf
Identifies if a Web Application Firewall (WAF) is protecting a domain by analyzing HTTP response signatures. Detects 17 major WAF providers including Cloudflare, AWS WAF, Akamai, Imperva/Incapsula, Sucuri, F5 BIG-IP, Barracuda, Fortinet FortiWeb, Google Cloud Armor, and ModSecurity with OWASP CRS. Returns confidence levels and specific evidence for each detection.
What It Does
Makes an HTTP request to the domain and analyzes multiple detection signals: WAF-specific response headers (cf-ray, x-sucuri-id, x-akamai-transformed), server header patterns, Set-Cookie signatures (e.g., __cf_bm, incap_ses_), response body patterns (block pages, challenge pages), and HTTP status code behaviors. Each detected provider includes vendor name, WAF type, confidence level (high/medium/low), and the specific evidence that triggered detection.
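The header and cookie matching described above, sketched as an added example (not the service's own code). It uses only the signatures named in this section; the confidence rules (header match is high, cookie match is medium) and the per-provider keys `vendor`, `confidence` and `evidence` are assumptions, and the sample headers are constructed.

```python
# Added illustration: signature tables hold only the signals named in this section.
# Confidence rules and per-provider key names are assumptions, not the API's own.
HEADER_SIGS = {
    "cf-ray": "Cloudflare",
    "x-sucuri-id": "Sucuri",
    "x-akamai-transformed": "Akamai",
}
COOKIE_PREFIX_SIGS = {
    "__cf_bm": "Cloudflare",
    "incap_ses_": "Imperva/Incapsula",
}
RANK = {"high": 2, "medium": 1}

def detect_waf(domain, headers):
    """headers: list of (name, value) pairs, so repeated Set-Cookie lines survive."""
    evidence = {}  # vendor -> list of (confidence, evidence string)
    for name, value in headers:
        lname = name.lower()  # header names are case-insensitive
        if lname in HEADER_SIGS:
            evidence.setdefault(HEADER_SIGS[lname], []).append(
                ("high", f"header {lname}"))
        elif lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            for prefix, vendor in COOKIE_PREFIX_SIGS.items():
                if cookie_name.startswith(prefix):
                    evidence.setdefault(vendor, []).append(
                        ("medium", f"cookie {cookie_name}"))
    providers = []
    for vendor, hits in evidence.items():
        best = max((c for c, _ in hits), key=RANK.get)
        providers.append({"vendor": vendor, "confidence": best,
                          "evidence": [e for _, e in hits]})
    # Strongest confidence first, then the provider with the most evidence.
    providers.sort(key=lambda p: (-RANK[p["confidence"]], -len(p["evidence"])))
    return {
        "domain": domain,
        "detected": bool(providers),
        "primaryProvider": providers[0]["vendor"] if providers else None,
        "providers": providers,
        "providerCount": len(providers),
    }

# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("CF-RAY", "0000000000000000-XXX"),
    ("Set-Cookie", "__cf_bm=constructed; Path=/; HttpOnly"),
    ("Set-Cookie", "incap_ses_123_456=constructed; Path=/"),
]
if __name__ == "__main__":
    print(detect_waf("example.com", SAMPLE))
```

Two providers in one result, as in the sample, usually means layered protection or a stale cookie, which is why each hit keeps its own evidence string.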
Why It's Useful
WAF detection is essential for security assessments (knowing what defenses are in place), troubleshooting (identifying if a WAF is blocking legitimate traffic), and competitive intelligence (understanding infrastructure choices). For penetration testers, WAF awareness is critical for adjusting testing methodology. For operations teams, knowing the WAF provider helps diagnose false positive blocks on API traffic.
Use Cases
Security Assessment
Identify WAF presence before testing to adjust methodology accordingly.
Plan penetration tests with WAF evasion considerations.
Competitive Analysis
Understand which WAF solutions competitors use for security.
Inform WAF selection based on industry adoption.
Troubleshooting
Identify if a WAF is blocking legitimate requests to APIs or services.
Diagnose connectivity issues caused by WAF blocks.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| domain | string | Required | The domain to detect WAF for. Example: example.com |
Response Fields
| Field | Type | Description |
|---|---|---|
| domain | string | The queried domain |
| detected | boolean | Whether a WAF was detected |
| primaryProvider | string \| null | Primary WAF provider name, or null if no WAF detected |
| providers | array | All detected WAF providers with confidence and evidence |
| providerCount | number | Number of WAF providers detected |
| recommendations | array | Security improvement suggestions |
Code Examples
```bash
# -G sends the -d data as a query string on a GET request,
# matching the JavaScript and Python examples below
curl -G "https://api.edgedns.dev/v1/domain/waf" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "domain=example.com"
```

```javascript
// Query the WAF detection endpoint for example.com
const response = await fetch(
  'https://api.edgedns.dev/v1/domain/waf?domain=example.com',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

# Query the WAF detection endpoint for example.com
response = requests.get(
    'https://api.edgedns.dev/v1/domain/waf',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'domain': 'example.com'
    }
)
data = response.json()
print(data)
```