Email harvesters and other bots roam the Internet looking for email addresses to add to lists that target recipients for spam. This trend results in an increasing amount of unwanted email.

Web administrators have come up with clever ways to protect against this by writing out email addresses, such ashelp [at] cloudflare [dot] com or by using embedded images of the email address. However, you lose the convenience of clicking on the email address to automatically send an email. By enabling Cloudflare Email Address Obfuscation, email addresses on your web page will be obfuscated (hidden) from bots, while keeping them visible to humans. In fact, there are no visible changes to your website for visitors.

When Email Address Obfuscation is enabled, Cloudflare replaces visible email addresses in your HTML with links like[email protected]. If a visitor sees this obfuscated format, they can click the link to reveal the actual email address. This approach prevents bots from scraping email addresses while keeping them accessible to real users.

Cloudflare enables email address obfuscation automatically when you sign up.

To prevent Cloudflare from obfuscating specific email addresses, you can:

• Add the following comment in the page HTML code:

  <!--email_off-->contact@example.com<!--/email_off-->

• Return email addresses in JSON format for AJAX calls, making sure your web server returns a content type ofapplication/json.

• Disable the Email Obfuscation feature by creating aconfiguration rule to be applied on a specific endpoint.

To prevent unexpected website behavior, email addresses are not obfuscated when they appear in:

• Any HTML tag attribute, except for thehref attribute of thea tag.
• Other HTML tags:
  • script tags:<script></script>
  • noscript tags:<noscript></noscript>
  • textarea tags:<textarea></textarea>
  • xmp tags:<xmp></xmp>
  • head tags:<head></head>
• Any page that does not have a MIME type oftext/html orapplication/xhtml+xml.