What is Email Address Obfuscation?

Cloudflare Email Address Obfuscation helps in spam prevention by hiding email addresses appearing in your pages from email harvesters and other bots, while remaining visible to your site visitors.


Email harvesters and other bots roam the Internet looking for email addresses to add to lists that target recipients for spam. This trend results in an increasing amount of unwanted email.

Web administrators have come up with clever ways to protect against this by writing out email addresses (i.e., help [at] cloudflare [dot] com) or by using embedded images of the email address. However, you lose the convenience of clicking on the email address to automatically send an email.

By enabling Cloudflare Email Address Obfuscation, email addresses on your web page will be obfuscated (hidden) from bots, while keeping them visible to humans. In fact, there are no visible changes to your website for visitors.

For email address obfuscation to work in Cloudflare, a page must have a MIME type (Content-Type) of "text/html" or "application/xhtml+xml". 

Verify email address obfuscation

Cloudflare enables email address obfuscation automatically when you sign up. 

To verify email address obfuscation in the Cloudflare dashboard:

1. Log in to the Cloudflare dashboard.

2. Ensure the website you want to verify is selected.

3. Click the Scrape Shield app.

4. Under Email Address Obfuscation, check that the toggle is set to On.

Alternatively, you can retrieve the page source from an HTTP client such as CURL, an HTTP library, or browser's view-source option. Then, review the source HTML to confirm that the address is no longer present. 

Troubleshoot email obfuscation

To prevent unexpected website behavior, email addresses are not obfuscated when they appear in:

  • Any HTML tag attribute, except for the href attribute of the a tag.
  • Other HTML tags:

script tags: <script></script>

noscript tags: <noscript></noscript>

HTML comments: <!-- -->

textarea tags: <textarea></textarea>

xmp tags: <xmp></xmp>

head tags: <head></head>

  • Any page that does not have a MIME type of "text/html" or "application/xhtml+xml"

Prevent Cloudflare from obfuscating email

To prevent Cloudflare from obfuscating emails, you can:

  • Add the following comment in the page HTML code: 

<!--email_off-->you email addresses, goes here<!--/email_off-->

  • Return email addresses in JSON format for AJAX calls, making sure your web server returns a content type of "application/json".

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk