CloudFlare-AlwaysOnline
CloudFlare-AlwaysOnline is an internal CDN bot operated by Cloudflare. It performs health checks, prefetching, SSL probes, or other infrastructure tasks. It is rarely user-facing.
Almost always safe to allow. Most CDNs need their own probes to make routing decisions, and blocking them can cause performance regressions or false alarms in the CDN's own monitoring.
If you are not on this CDN, the traffic should be near-zero, and you can investigate why it is hitting you.
See CloudFlare-AlwaysOnline on your own site
Match the User-Agent header on incoming requests against the pattern below.
regex
For higher confidence, also verify the source IP against the operator's published ranges. UA strings can be spoofed; IP ownership is harder to fake.
Renders JavaScript
No
IP verification
Published IP ranges
Crawl frequency
Scheduled probes
Honors robots.txt
Yes
Honors Crawl-delay
Varies
Cloudflare runs 35 bots in total. Each one is a separate user-agent so you can allow or block them independently.
DevOps & Monitoring
10SEO Crawler
6CDN Infrastructure
5- CloudFlare-AlwaysOnlineYou are here
- Cloudflare-Healthchecks
- CloudFlare-Prefetch
- Cloudflare-SSLDetector
- Cloudflare-Traffic-Manager
Training Crawler
4Security Scanner
3AI Search Index
2Link Unfurler
2Generic Crawler
2Task Automation
1Should I let CloudFlare-AlwaysOnline through?
In most cases, yes. Internal infrastructure traffic. Blocking can break CDN routing and monitoring. If volume gets noisy, rate-limit it before you block it outright.
Does blocking CloudFlare-AlwaysOnline affect my Google rankings?
No. CloudFlare-AlwaysOnline is not a search-engine crawler. Your ranking on Google or Bing is unaffected by what you do here.
How do I confirm a request is really from CloudFlare-AlwaysOnline?
Look at the User-Agent header in your access logs and match it against the strings listed above. Worth knowing that the User-Agent is easy to fake, so this check tells you "the traffic claims to be CloudFlare-AlwaysOnline", not "the traffic is genuinely CloudFlare-AlwaysOnline". If you need stronger guarantees, look for a reverse-DNS check or wait for Cloudflare to publish IP ranges.
What's the best way to understand what CloudFlare-AlwaysOnline is doing on my site?
Look at which URLs it hits, how often, and what time of day. The request pattern usually tells you whether it's building an index, watching for a specific change, or trying to pull data in bulk. The User-Agent name alone rarely tells the full story.
How is CloudFlare-AlwaysOnline different from Cloudflare's other bots?
Cloudflare splits work across multiple user-agents so site owners can decide on each one independently. Training crawlers, live-fetch agents, search indexers, and agentic browsers each get their own name. Worth scanning the rest of the Cloudflare family above to see which ones actually matter for your site.
What's the cleanest way to control CloudFlare-AlwaysOnline?
Two layers. Robots.txt for the polite crawlers that read it, and rules at your CDN or edge for the ones that don't. Rankly's Agent Experience handles both from a single config, so you can allow, block, rate-limit, or serve a stripped-down version per bot. Agent Analytics handles the observation half so you know which bots are actually worth a rule.
Verify everything above against the operator's own documentation.