Test your configuration

After enabling and configuring exposed credentials checks, you may want to test if the checks are working properly.

Recommendation: Use leaked credentials detection instead

Cloudflare recommends that you use leaked credentials detection instead of Cloudflare Exposed Credentials Check, which refers to a previous implementation.
For more information on upgrading your current Exposed Credentials Check configuration, refer to the upgrade guide.

Cloudflare provides a special set of case-sensitive credentials for this purpose:

Login: CF_EXPOSED_USERNAME or CF_EXPOSED_USERNAME@example.com
Password: CF_EXPOSED_PASSWORD

The WAF always considers these specific credentials as having been previously exposed. Use them to force an "exposed credentials" event, which allows you to check the behavior of your current configuration.

Was this helpful?

Resources
API
New to Cloudflare?
Products
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

Privacy Policy
Terms of Use
Report Security Issues
Trademark