If you run a WordPress website and use Cloudflare, you may have seen URLs like this: /cdn-cgi/l/email-protection
This URL comes from Cloudflare. It hides email addresses from bots. Bots often scrape websites to collect emails and send spam. Cloudflare adds this tool to stop them.
In this article, I’ll explain what this URL means, how it works, and how to remove or stop it from being crawled – no coding knowledge required.
What Is /cdn-cgi/l/email-protection?
Cloudflare protects your email addresses using a script. This script hides the actual email from bots.
Here’s how it works:
- You write an email in plain text (like [email protected]).
- Cloudflare hides it using JavaScript.
- Visitors can usually see it.
- Bots cannot scrape it.
But when bots or crawlers scan your page, they may still try to crawl this script. That’s why you might see it in crawl reports or tools like Google Search Console.
Why Do You See /cdn-cgi/l/email-protection in Search Tools?
This URL appears because Google or other crawlers try to load every script on your site.
Even though it doesn’t contain content, Google tries to fetch it. That’s okay. It won’t hurt your SEO. But if you want to block or remove it, you can do that safely.
How to Disable or Remove /cdn-cgi/l/email-protection from Crawling
There are a few simple ways to stop this URL from getting crawled.
Method 1: Use robots.txt
This is the best way. It tells search engines not to crawl the URL.
Go to your WordPress root directory. Open the robots.txt file. If it doesn’t exist, create one.
Add this line:
Disallow: /cdn-cgi/
Save it. That’s it.
This tells search engines: “Don’t crawl anything inside /cdn-cgi/.”
Method 2: Add a Rule in Cloudflare
You can prevent this script from loading by creating a rule in your Cloudflare settings.
Steps:
- Log in to Cloudflare
- Choose your site
- Go to Rules > Page Rules
- Create a new rule:
- If URL matches: *yourdomain.com/cdn-cgi/*
- Then: Disable Performance and Disable Security
This does not remove the script but limits how Cloudflare handles it.
Method 3: Turn Off Email Obfuscation in Cloudflare
If you don’t want Cloudflare to use this tool at all, turn it off.
Steps:
- Log in to Cloudflare
- Go to Scrape Shield
- Find Email Address Obfuscation
- Toggle it off
Once turned off:
- Cloudflare will stop hiding emails using the script
- The URL /cdn-cgi/l/email-protection will disappear
Make sure you then manually protect your email. Use a contact form or image instead.
Method 4: Use a Plugin That Protects Emails
If you don’t want Cloudflare to handle it, use a WordPress plugin.
Some good ones:
- Email Address Encoder
- WP Mailto Links
These plugins hide email addresses in innovative ways. Some use JavaScript. Some turn emails into clickable text without showing the address.
Should You Remove /cdn-cgi/l/email-protection?
If you care about crawl reports being clean, yes. If you use other ways to protect your email, yes. If you’re satisfied with Cloudflare’s method, you can leave it as is.
This script doesn’t hurt your site. But it adds clutter in tools like Ahrefs or Google Search Console.
So, it’s safe to remove or block it.
FAQs
1. Is /cdn-cgi/l/email-protection terrible for SEO?
No. It doesn’t affect your rankings. However, it can manifest as crawl errors.
2. How can I verify that Cloudflare is protecting my email?
View your site’s source code. Look for strings like data-cfemail. That means Cloudflare is hiding your email.
3. Will disabling email protection reveal my email address to spammers?
Yes, unless you use an alternative method, such as a plugin or a contact form.
4. Can I hide this URL from users?
Users usually don’t see it. Only bots or developers notice it in tools.