Why does my scanner report "/cdn-cgi/l/email-protection" as a broken link?

Short answer: It’s a false positive. The link works fine for your visitors — only automated scanners see it as broken. No fix is required.

What’s happening

Your site’s share bar has an email-share button, and your site runs behind Cloudflare, which has a feature called Email Address Obfuscation turned on to hide email addresses from bots.

When a scanner (like Monsido) checks your pages, Cloudflare swaps the email link for a protected /cdn-cgi/l/email-protection URL and uses JavaScript to convert it back. Real visitors’ browsers run that JavaScript automatically, so the link works normally — but scanners don’t run it, so they flag it as broken.

In short: it affects the scanner’s report, not your actual visitors.

If you’d like to clear it from your report

Both options are handled in your Cloudflare settings, so we recommend looping in your IT team:

  1. Add an exception so the scanner isn’t served the protected link, or
  2. Turn off Email Obfuscation in Cloudflare’s Scrape Shield settings.

📄 Cloudflare guide: Email Address Obfuscation

Still have questions? Just open a ticket — we’re happy to help.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.