§ cdn-detect

Identifies which CDN sits in front of a hostname by following the DNS → IP → ASN chain and matching against a curated list of CDN autonomous systems. This is the same answer that reconnaissance establishes at the start of a pen-test.

method
DoH lookup for A and AAAA, then RIPE Stat network-info to get the covering prefix and origin AS, then a static map of CDN ASNs (Cloudflare, Akamai, Fastly, AWS CloudFront, Google, Azure, Bunny, StackPath, CDN77, Limelight, Yandex, Alibaba, Huawei).
limits
ASN match alone may miss boutique CDNs not in our list and will mis-classify a server self-hosted on a CDN's general-purpose cloud (e.g. AWS EC2 in AS16509 looks identical to CloudFront). response-header fingerprinting (next iteration) disambiguates.
why ASN, not headers
ASN is structural — it's the network that announces the IP. it does not lie. response headers (server: cloudflare, x-served-by, x-amz-cf-id) are easier to fake or strip and require an outbound HTTP fetch, which we keep client-side here.

upstream: cloudflare-dns.com (DoH), stat.ripe.net.
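
The DNS → IP → ASN chain from the method above, as an added Python example (not the tool's own code). The ASN map is an assumed subset of the curated list, the `fetch` parameter and the `ambiguous` verdict are names introduced here, and the verdict marks general-purpose cloud ASNs where, per the limits above, a match does not prove a CDN edge.

```python
import json
import urllib.request
from urllib.parse import quote

DOH = "https://cloudflare-dns.com/dns-query?name={}&type={}"
RIPE = "https://stat.ripe.net/data/network-info/data.json?resource={}"

# Assumed subset of CDN origin ASNs (the tool's curated list is not on the page).
# True marks a general-purpose cloud AS, where a match does not prove a CDN edge.
CDN_ASNS = {
    13335: ("Cloudflare", False),
    54113: ("Fastly", False),
    20940: ("Akamai", False),
    16509: ("AWS CloudFront", True),  # the same AS also announces EC2 space
    15169: ("Google", True),
    8075: ("Azure", True),
}

def get_json(url):
    """Fetch a URL and decode JSON; Cloudflare DoH needs the dns-json Accept header."""
    accept = "application/dns-json" if "dns-query" in url else "application/json"
    req = urllib.request.Request(url, headers={"Accept": accept})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def addresses(doh_reply):
    """Keep only A (type 1) and AAAA (type 28) answers; CNAME hops (type 5) are skipped."""
    return [a["data"] for a in doh_reply.get("Answer", []) if a.get("type") in (1, 28)]

def classify(asns):
    """Return (verdict, name) for the first origin AS found in the static map."""
    for asn in asns:
        if asn in CDN_ASNS:
            name, shared = CDN_ASNS[asn]
            return ("ambiguous" if shared else "cdn", name)
    return ("unknown", None)

def detect(host, fetch=get_json):
    """Follow DNS -> IP -> covering prefix / origin AS -> verdict for each address."""
    results = []
    for rrtype in ("A", "AAAA"):
        for ip in addresses(fetch(DOH.format(quote(host), rrtype))):
            info = fetch(RIPE.format(quote(ip))).get("data", {})
            asns = [int(a) for a in info.get("asns", [])]
            verdict, name = classify(asns)
            results.append({"ip": ip, "prefix": info.get("prefix"), "asns": asns,
                            "verdict": verdict, "cdn": name})
    return results
```

Calling `detect("hostname")` with the default `fetch` queries both upstreams live; passing a stub `fetch` lets the classification be checked against recorded responses.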