This detection technique gathers general data about the machines reaching Cloudflare. For example, Cloudflare might learn that a particular user is accessing Cloudflare via Google Chrome on a MacBook Pro. Because there are millions of people using Google Chrome on a MacBook Pro, we cannot identify specific individuals.
- If you have a Content Security Policy (CSP):
- Ensure that it does not block scripts served from /cdn-cgi/bm/ or requests made to /cdn-cgi/bm/results. Your CSP should allow scripts served from your origin domain (script-src self).
- If your CSP uses a nonce for script tags, Cloudflare will add these nonces to the scripts it injects by parsing your CSP response header.