A tool that checks if any website uses a paid Cloudflare subscription by examining their public /cdn-cgi/trace endpoint. Cloudflare only allows disabling Encrypted Client Hello (ECH) in paid plans, so sni=plaintext indicates a paid subscription. Works on any Cloudflare-proxied site.
Seems like this might a wrong assumption (or CF changed something). Just tested one of my own sites that's on the free plan and it has "sni=plaintext".
There are occasional false positives, but querying different Cloudflare data centers usually resolves this. I've found that switching VPN servers (which routes through different CF edge locations) eventually gives the correct result.
The tool only detects a subset of paid Cloudflare users - specifically those with the default ECH settings. If your site shows as undetermined, it likely means you're on a free plan or a paid plan with ECH enabled.
From what I've observed:
- Free plans: ECH is forcefully enabled (sni=encrypted)
- Paid plans: ECH is disabled by default (sni=plaintext), but can be manually enabled
The tool can only definitively distinguish between free plans and paid plans that use the default ECH settings.
rapawel|5 months ago
phillipseamore|5 months ago
rapawel|5 months ago
wordglyph|5 months ago
rapawel|5 months ago
From what I've observed:
- Free plans: ECH is forcefully enabled (sni=encrypted)
- Paid plans: ECH is disabled by default (sni=plaintext), but can be manually enabled
The tool can only definitively distinguish between free plans and paid plans that use the default ECH settings.
rizky05|5 months ago
[deleted]