As @Kirsty noted over in the Code Red forum yesterday, Cloudflare has reported a security problem with their servers which led to leaked information f
[See the full post at: Cloudflare parser leak: No problem here]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Cloudflare parser leak: No problem here
Home » Forums » Newsletter and Homepage topics » Cloudflare parser leak: No problem here
- This topic has 15 replies, 8 voices, and was last updated 8 years, 2 months ago by
anonymous.
Tags: Cloudflare
AuthorTopicViewing 4 reply threadsAuthorReplies-
NetDef
AskWoody_MVP -
anonymous
GuestFebruary 26, 2017 at 4:35 am #97378NowSecure (https://www.nowsecure.com/) is also using CloudFlare. I see the big red notification box on their home page…
Woody, can you post a more specific link? I can’t find the list of affected sites on NowSecure.
-
woody
ManagerFebruary 26, 2017 at 6:19 am #97385I thought it would be easy to find a definitive list of leaky sites, but nuthin’s easy on the web…
This site seems to be the most thorough: http://cloudflarelistcheck.abal.moe/
1 user thanked author for this post.
-
JohnW
AskWoody LoungerFebruary 27, 2017 at 11:51 am #97568Woody! Thanks for that checker!
Here’s a list of sites that use Cloudflare, but doesn’t necessarily mean they leaked. But sometimes better to be safe … it’s a long list, butyou can use your browser’s “Find” tool to search the list for site domains that you may use.
Windows 10 Pro 22H2
-
anonymous
GuestMarch 2, 2017 at 6:10 am #98202This is not the full list. Far away from that. Hundreds of thousands of sites use CloudFlare. The Alexa top 10000 is just a fraction of that.
“Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.” so if you always used https://yourcloudflarehostedsite.com, you should not worry.
However if you only typed “yourcloudflarehostedsite.com” in the address bar, browsers think you mean http://yourcloudflarehostedsite.com, and the redirection to https is made by CloudFlare. In this case, you might be affected.
Check out https://rosettacode.org/wiki/Rosetta_Code, this is how every site using CloudFlare should look like now: they should all have a big red notification bar.
-
-
JohnW
AskWoody Lounger
-
-
-
-
Microfix
AskWoody MVP -
anonymous
Guest -
woody
ManagerFebruary 26, 2017 at 7:06 am #97392Martin Brinkmann has a discussion of two browser extensions — one for Firefox, the other for Chrome – called CloudBleed. CloudBleed scans your browsing history and tell you if you’ve ventured onto a leaky site.
Give it a try. See this ghacks article.
1 user thanked author for this post.
-
Kirsty
ManagerFebruary 26, 2017 at 10:44 am #97411The Firefox extension took seconds to install and check. I got 12 results, but there wasn’t anything with an account, which is worth knowing anyway.
-
PKCano
Manager
-
-
JohnW
AskWoody Lounger -
Kirsty
ManagerFebruary 27, 2017 at 11:50 am #97565The impact has been wide, including (reportedly) 200 iOS apps, Fitbits etc.
Reference source: https://wptavern.com/cloudflare-memory-leak-exposes-private-data
-
-
JohnW
AskWoody LoungerFebruary 27, 2017 at 12:14 pm #97573If you have deleted your browser history, the plugin can also check your bookmarks instead.
But if like me you use multiple browsers including Edge, and delete some history, I found another way.
I also use CCleaner to preserve my “good” cookies for sites with accounts. The CCleaner cookie “whitelist” makes a good list to check with with the leak checker you listed here: http://cloudflarelistcheck.abal.moe/
Windows 10 Pro 22H2
-
-
WildBill
AskWoody PlusFebruary 26, 2017 at 3:37 pm #97426I use NoScript & AdBlockPlus; usually to reach a site (like AskWoody), I temporarily allow the site I go to under NoScript. Have some hits, but I only have accounts on 2 sites. For Medium, I had to change my Twitter password, since I sign in with it.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...
Viewing 4 reply threads - This topic has 15 replies, 8 voices, and was last updated 8 years, 2 months ago by
-

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Xfinity home internet
by
MrJimPhelps
2 hours, 32 minutes ago -
Convert PowerPoint presentation to Impress
by
RetiredGeek
4 hours, 31 minutes ago -
Debian 12.11 released
by
Alex5723
12 hours, 58 minutes ago -
Microsoft: Troubleshoot problems updating Windows
by
Alex5723
16 hours, 39 minutes ago -
Woman Files for Divorce After ChatGPT “Reads” Husband’s Coffee Cup
by
Alex5723
3 hours, 2 minutes ago -
Moving fwd, Win 11 Pro,, which is best? Lenovo refurb
by
Deo
13 hours, 7 minutes ago -
DBOS Advanced Network Analysis
by
Kathy Stevens
1 day, 9 hours ago -
Microsoft Edge Launching Automatically?
by
healeyinpa
23 hours, 59 minutes ago -
Google Chrome to block admin-level browser launches for better security
by
Alex5723
1 day, 12 hours ago -
iPhone SE2 Stolen Device Protection
by
Rick Corbett
1 day, 4 hours ago -
Some advice for managing my wireless internet gateway
by
LHiggins
12 hours, 3 minutes ago -
NO POWER IN KEYBOARD OR MOUSE
by
HE48AEEXX77WEN4Edbtm
4 hours, 55 minutes ago -
A CVE-MITRE-CISA-CNA Extravaganza
by
Nibbled To Death By Ducks
1 day, 21 hours ago -
Sometimes I wonder about these bots
by
Susan Bradley
1 day, 18 hours ago -
Does windows update component store “self heal”?
by
Mike Cross
1 day, 8 hours ago -
Windows 11 Insider Preview build 27858 released to Canary
by
joep517
2 days, 11 hours ago -
Pwn2Own Berlin 2025: Day One Results
by
Alex5723
19 hours, 38 minutes ago -
Windows 10 might repeatedly display the BitLocker recovery screen at startup
by
Susan Bradley
8 hours, 16 minutes ago -
Windows 11 Insider Preview Build 22631.5409 (23H2) released to Release Preview
by
joep517
2 days, 14 hours ago -
Windows 10 Build 19045.5912 (22H2) to Release Preview Channel
by
joep517
2 days, 14 hours ago -
Kevin Beaumont on Microsoft Recall
by
Susan Bradley
2 days, 2 hours ago -
The Surface Laptop Studio 2 is no longer being manufactured
by
Alex5723
2 days, 22 hours ago -
0Patch, where to begin
by
cassel23
2 days, 16 hours ago -
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
by
Alex5723
3 days, 12 hours ago -
89 million Steam account details just got leaked,
by
Alex5723
2 days, 23 hours ago -
KB5058405: Linux – Windows dual boot SBAT bug, resolved with May 2025 update
by
Alex5723
3 days, 20 hours ago -
A Validation (were one needed) of Prudent Patching
by
Nibbled To Death By Ducks
3 days, 11 hours ago -
Master Patch Listing for May 13, 2025
by
Susan Bradley
13 hours, 52 minutes ago -
Installer program can’t read my registry
by
Peobody
5 hours, 46 minutes ago -
How to keep Outlook (new) in off position for Windows 11
by
EspressoWillie
3 days, 9 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.