Skip to content
Cloudflare Docs

Automatic request headers

Cloudflare automatically attaches headers to every REST API request made through Browser Rendering. These headers make it easy for destination servers to identify that these requests came from Cloudflare.

HeaderDescription
cf-biso-request-idA unique identifier for the Browser Rendering request
cf-biso-devtoolsA flag indicating the request originated from Cloudflare's rendering infrastructure
Signature-agentThe location of the bot public keys, used to sign the request and verify it came from Cloudflare
Signature and Signature-inputA digital signature, used to validate requests, as shown in this architecture document

The Signature headers use an authentication method called Web Bot Auth. Web Bot Auth leverages cryptographic signatures in HTTP messages to verify that a request comes from an automated bot. To verify a request originated from Cloudflare Browser Rendering, use the keys found on this directory to verify the Signature and Signature-Input found in the headers from the incoming request. A successful verification proves that the request originated from Cloudflare Browser Rendering and has not been tampered with in transit.