Automatic request headers
Cloudflare automatically attaches headers to every REST API request made through Browser Rendering. These headers make it easy for destination servers to identify that these requests came from Cloudflare.
Header | Description |
---|---|
cf-biso-request-id | A unique identifier for the Browser Rendering request |
cf-biso-devtools | A flag indicating the request originated from Cloudflare's rendering infrastructure |
Signature-agent | The location of the bot public keys ↗, used to sign the request and verify it came from Cloudflare |
Signature and Signature-input | A digital signature, used to validate requests, as shown in this architecture document ↗ |
The Signature
headers use an authentication method called Web Bot Auth. Web Bot Auth leverages cryptographic signatures in HTTP messages to verify that a request comes from an automated bot. To verify a request originated from Cloudflare Browser Rendering, use the keys found on this directory ↗ to verify the Signature
and Signature-Input
found in the headers from the incoming request. A successful verification proves that the request originated from Cloudflare Browser Rendering and has not been tampered with in transit.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark