Cloudflare has a great little piece of functionality called “Server-Side Excludes”, tucked away on the “Scrape Shield” tab. The idea is that if you have some information that you’d rather not have a suspicious person (or bot!) seeing, but you don’t want to hide the page from them completely, you can just hide the specific sections that include the information.
This is done using custom tags, like this…
<!--sse-->Hide this part<!--/sse-->
As you can see, these are actually HTML comments, but kind of setup like open and closing HTML tags.
I also found it very difficult to test, and both a support desk call and a rather lengthy community forum thread on the subject, found that the only real way to test this is to use Tor and keep changing the circuit until you get an exit node with a bad reputation. Not exactly foolproof, but gets the job done. If you want to try this, I’d recommend downloading the Tor Browser, it’s just like using Firefox.
Having done this, I decided to go in depth on this and create a course entitled Setting up Cloudflare – Scrape Shield deep dive which goes through all of the “Scrape Shield” options, including the SSE functionality. I hope this is useful to others, as I found the documentation a little light on the ground.